Lucene search

[email protected]CVE-2013-6987

HistoryDec 31, 2013 - 4:04 p.m.

CVE-2013-6987

2013-12-3116:04:23

CWE-22

[email protected]

web.nvd.nist.gov

cve

2013

6987

directory traversal

vulnerability

synology diskstation manager

dsm

filebrowser

remote attackers

webapi

filestation

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

JSON

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a … (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.

Affected configurations

NVD

Node

synologydiskstation_managerMatch4.3-3810

CPENameOperatorVersion
synology:diskstation_managersynology diskstation managereq4.3-3810

CPE	Name	Operator	Version
synology:diskstation_manager	synology diskstation manager	eq	4.3-3810

References

packetstormsecurity.com/files/124563

seclists.org/fulldisclosure/2013/Dec/177

www.exploit-db.com/exploits/30475

www.securityfocus.com/bid/64483

www.synology.com/en-us/releaseNote/model/DS114

exchange.xforce.ibmcloud.com/vulnerabilities/89892

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

JSON

Related for CVE-2013-6987

packetstorm1 nvd1 nessus1 zdt1 cvelist1 prion1 seebug1 securityvulns2