Lucene search

MitreCVE-2015-6910

HistorySep 11, 2015 - 4:59 p.m.

CVE-2015-6910

2015-09-1116:59:16

CWE-89

mitre

web.nvd.nist.gov

cve

2015

6910

sql injection

vulnerability

synology video station

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.012

Percentile

85.0%

JSON

SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.

Affected configurations

Nvd

Node

synologyvideo_stationRange≤1.5-0754

VendorProductVersionCPE
synologyvideo_station*cpe:2.3:a:synology:video_station:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
synology	video_station	*	cpe:2.3:a:synology:video_station::::::::

References

packetstormsecurity.com/files/133519/Synology-Video-Station-1.5-0757-Command-Injection-SQL-Injection.html

seclists.org/fulldisclosure/2015/Sep/31

www.securityfocus.com/archive/1/536427/100/0/threaded

www.securify.nl/advisory/SFY20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.html

www.synology.com/en-global/releaseNote/VideoStation?model=DS715

www.synology.com/en-global/support/security/Video_Station_1_5_0757

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.012

Percentile

85.0%

JSON

Related for CVE-2015-6910