PT-2018-4954 · Synology · Ds213+2
Ezra Caltum +1 · Published 2018-07-13 · Updated 2019-10-09 · CVE-2016-6554
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Synology NAS servers DS107 version 3.1-1639 and prior
Synology NAS servers DS116 versions prior to 5.2-5644-1
Synology NAS servers DS213 versions prior to 5.2-5644-1
Description
The issue concerns the use of non-random default credentials in Synology NAS servers. Specifically, the default credentials are guest: (blank) and admin: (blank). A remote network attacker can exploit this to gain privileged access to a vulnerable device.
Recommendations
For DS107 version 3.1-1639 and prior, change the default credentials for guest and admin to secure passwords.
For DS116 versions prior to 5.2-5644-1, update to version 5.2-5644-1 or later and change the default credentials for guest and admin to secure passwords.
For DS213 versions prior to 5.2-5644-1, update to version 5.2-5644-1 or later and change the default credentials for guest and admin to secure passwords.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Ds107
Ds116
Ds213