CVE-2018-8916

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Synology DiskStation Manager (DSM) versions prior to 6.2-23739

Description The issue concerns an unverified password change vulnerability in the Change Password feature. This allows remote authenticated users to reset passwords without proper verification.

Recommendations For versions prior to 6.2-23739, update to version 6.2-23739 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-640CWE-620

Related Identifiers

CVE-2018-8916

Affected Products

Synology Diskstation Manager

CVE-2018-8916

Weakness Enumeration

Related Identifiers

Affected Products

References · 3