|
Description
|
|
Andrea Fabrizi has reported multiple vulnerabilities in Synology DiskStation Manager, which can be exploited by malicious users to bypass certain security restrictions.
1) Input passed via the "path" POST parameter to webapi/FileStation/file_delete.cgi is not properly verified before being used to delete files. This can be exploited to delete arbitrary files via directory traversal sequences.
2) Input passed via the "folder_path" POST parameter to webapi/FileStation/file_share.cgi is not properly verified before being used to list directory contents. This can be exploited to disclose the contents of arbitrary directories via directory traversal sequences.
3) Input passed via the "dlink" GET parameter to fbdownload/ is not properly verified before being used to serve files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
The vulnerabilities are reported in versions prior to 4.3-3810 Update 3.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable OS:
Synology DiskStation Manager 4.xVulnerable Software:
|
|
|
|
|
|
Solution
|
|
Update to version 4.3-3810 Update 3.
|
|
|
|
|
|
CVE
|
|
CVE-2013-6987
|
|
|
|
|
|
References
|
|
Synology:
http://www.synology.com/en-global/releaseNote/model/DS114
Andrea Fabrizi:
http://www.andreafabrizi.it/?exploits:dsm_2
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
