PT-2010-4998 · Synology · Synology Disk Station

Published: 2010-09-29 · Updated: 2018-10-10 · CVE-2010-3684

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Synology Disk Station versions 2.x

Description: The FTP authentication module logs passwords to the web application interface in cases of incorrect login attempts, allowing local users to obtain sensitive information by reading a log.

Recommendations: For Synology Disk Station versions 2.x, consider disabling the FTP authentication module until a patch is available to prevent local users from obtaining sensitive information. Restrict access to the log files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2010-3684

Affected Products

Synology Disk Station