Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSynologyCVELIST:CVE-2017-9552
HistoryJun 13, 2017 - 1:00 p.m.

CVE-2017-9552

2017-06-1313:00:00
CWE-522
synology
www.cve.org

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by โ€œsynophoto_dsm_user --auth USERNAME PASSWORDโ€, and local users are able to obtain credentials by sniffing โ€œ/proc/*/cmdlineโ€.

CNA Affected

[
  {
    "product": "Synology Photo Station",
    "vendor": "Synology",
    "versions": [
      {
        "status": "affected",
        "version": "6.0-2528 through 6.7.1-3419"
      }
    ]
  }
]

Related

cve 1
nvd 1
prion 1
cve
cve
CVE-2017-9552
2017-06-13 13:29:00
nvd
nvd
CVE-2017-9552
2017-06-13 13:29:00
prion
prion
Default credentials
2017-06-13 13:29:00

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVELIST:CVE-2017-9552
cve1nvd1prion1