CVE-2017-16770

2018-02-2715:00:00

CWE-538

synology

www.cve.org

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

22.9%

JSON

File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user’s sensitive files via the filename parameter.

CNA Affected

[
  {
    "product": "Surveillance Station",
    "vendor": "Synology",
    "versions": [
      {
        "status": "affected",
        "version": "before 8.1.2-5469"
      }
    ]
  }
]

References

www.synology.com/en-global/support/security/Synology_SA_17_77