PT-2014-3236 · Synology · Synology Diskstation Manager
Markus Wulftange · Published 2014-01-09 · Updated 2025-01-14 · CVE-2013-6955
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Synology DiskStation Manager (DSM) versions 4.0 through 4.0-2258
Synology DiskStation Manager (DSM) versions 4.2 through 4.2-3242
Synology DiskStation Manager (DSM) versions 4.3 through 4.3-3809
Description
The issue allows remote attackers to append data to arbitrary files and consequently execute arbitrary code via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header in the webman/imageSelector.cgi component.
Recommendations
For Synology DiskStation Manager (DSM) versions 4.0 through 4.0-2258, update to version 4.0-2259 or later.
For Synology DiskStation Manager (DSM) versions 4.2 through 4.2-3242, update to version 4.2-3243 or later.
For Synology DiskStation Manager (DSM) versions 4.3 through 4.3-3809, update to version 4.3-3810 Update 1 or later.
Affected Products
Synology Diskstation Manager