QwikSec

Security Database

CVE

CWE

Training

CVE-2017-11156

Published: Aug 14, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.

Vendor	Product	Versions
Synology	Synology Download Station	affected `3.8.x before 3.8.5-3475 and 3.x before 3.5-2984`

Weaknesses (CWE)

References

https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.