Synology DiskStation Manager Exposure of Sensitive Information to an Unauthorized Actor (CVE-2017-9554)

An information exposure vulnerability in forgetpasswd.cgi in Synology DiskStation Manager DSM before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

VulnCheck KEV: CVE-2017-9554

An information exposure vulnerability in forgetpasswd.cgi in Synology DiskStation Manager DSM before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors...

CVE-2017-9554

creationtimestamp| type| source ---|---|--- 2020-05-21 21:48:40+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/synologyforgetpasswduserenum.rb 2025-02-06 03:13:43+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23...

Synology DiskStation Manager (DSM) 6.1.3-15152 - forget_passwd.cgi User Enumeration

Synology DiskStation Manager DSM 6.1.3-15152 - forgetpasswd.cgi User Enumeration Exploit Title: Synology DiskStation Manager DSM 6.1.3-15152 - 'forgetpasswd.cgi' User Enumeration Date: 01/05/2018 Exploit Author: Steve Kaun Vendor Homepage: https://www.synology.com Version: Before 6.1.3-15152 CVE ...

Synology DiskStation Manager (DSM) < 6.1.3-15152 - forget_passwd.cgi User Enumeration

Exploit for cgi platform in category web applications Exploit Title: Synology DiskStation Manager DSM 6.1.3-15152 - 'forgetpasswd.cgi' User Enumeration Date: 01/05/2018 Exploit Author: Steve Kaun Vendor Homepage: https://www.synology.com Version: Before 6.1.3-15152 CVE : CVE-2017-9554 Previously...

Synology DiskStation Manager (DSM) &lt; 6.1.3-15152 - &#039;forget_passwd.cgi&#039; User Enumeration

Exploit Title: Synology DiskStation Manager DSM 6.1.3-15152 - 'forgetpasswd.cgi' User Enumeration Date: 01/05/2018 Exploit Author: Steve Kaun Vendor Homepage: https://www.synology.com Version: Before 6.1.3-15152 CVE : CVE-2017-9554 Previously this was identified by the developer and the disclosur...

CVE-2017-9554

Synology DiskStation Manager (DSM) is affected by CVE-2017-9554 via the forget_passwd.cgi endpoint. The vulnerability is an information exposure that allows remote attackers to enumerate valid usernames. Affected firmware versions are DSM prior to 6.1.3-15152. The root cause is information leakag...