CVE-2018-13281

Name of the Vulnerable Software and Affected Versions Synology DiskStation Manager (DSM) versions prior to 6.2-23739-2

Description The issue allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file path parameter. This is related to an information exposure vulnerability in SYNO.Core.ACL.

Recommendations For versions prior to 6.2-23739-2, update to version 6.2-23739-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the file path parameter to minimize the risk of exploitation.