PT-2019-11150 · Synology · Synology Web Station

Published

2019-04-01

Updated

2019-10-09

CVE-2018-8913

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Synology Web Station versions prior to 2.1.3-0139

Description: The issue allows remote attackers to conduct phishing attacks via a crafted URL, due to a missing custom error page in Synology Web Station.

Recommendations: For versions prior to 2.1.3-0139, update to version 2.1.3-0139 or later to resolve the issue.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601CWE-756

Related Identifiers

CVE-2018-8913

Affected Products

Synology Web Station

PT-2019-11150 · Synology · Synology Web Station

CVE-2018-8913

Weakness Enumeration

Related Identifiers

Affected Products

References · 3