CVE-2017-12074

2017-08-2300:00:00

CWE-22

synology

www.cve.org

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.

CNA Affected

[
  {
    "product": "Synology DNS Server",
    "vendor": "Synology",
    "versions": [
      {
        "status": "affected",
        "version": "before 2.2.1-3042"
      }
    ]
  }
]

References

www.synology.com/en-global/support/security/Synology_SA_17_46_DNS_Server