PT-2018-18724 · Synology · Synology Photo Station

Thomas Fady

Published

2018-06-08

Updated

2019-10-09

CVE-2018-8926

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Synology Photo Station versions prior to 6.8.5-3471 Synology Photo Station versions prior to 6.3-2975

Description The issue is related to a permissive regular expression vulnerability in the synophoto dsm user component of Synology Photo Station. This vulnerability allows remote authenticated users to conduct privilege escalation attacks. The attack is carried out via the fullname parameter.

Recommendations For versions prior to 6.8.5-3471, update to version 6.8.5-3471 or later. For versions prior to 6.3-2975, update to version 6.3-2975 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-625

Related Identifiers

CVE-2018-8926

Affected Products

Synology Photo Station

PT-2018-18724 · Synology · Synology Photo Station

CVE-2018-8926

Weakness Enumeration

Related Identifiers

Affected Products

References · 3