20 matches found
EUVD-2016-7475
Malware in sbrugna...
Synology NAS / DiskStation Manager Detection (findhostd)
findhostd based detection of Synology NAS devices, DiskStation Manager DSM OS and application. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Synology Forget Password User Enumeration Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Synology Forget Password User Enumeration Scanner', 'Description' = %q This module attempts to enumerate users on the Synology NAS by sending GET...
Synology NAS / DiskStation Manager Detection (SNMP)
SNMP based detection of Synology NAS / DiskStation Manager DSM. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Synology NAS / DiskStation Manager Detection (SSH Login)
SSH login-based detection of Synology NAS / DiskStation Manager DSM. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Synology DiskStation Manager (DSM) < 7.1.1-42962-2 Multiple Vulnerabilities (Synology-SA-22:17) - Remote Known Vulnerable Versions Check
Multiple Synology NAS devices running DiskStation Manager DSM are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Synology NAS / DiskStation Manager (DSM) Detection Consolidation
Consolidation of Synology NAS devices, DiskStation Manager DSM OS and application detections. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Synology Calendar Cross-Site Request Forgery Vulnerability
Synology Calendar, a file protection application running on Synology NAS devices from Synology, Taiwan, China, is vulnerable to cross-site request spoofing in versions prior to Synology Calendar 2.3.4-0631, which stems from a webapi component that does not adequately validate that the request is...
Synology Calendar Cross-Site Scripting Vulnerability (CNVD-2022-67855)
Synology Calendar is a file protection program from Synology Inc. of Taiwan, China that runs on Synology NAS Network Storage Server devices. A cross-site scripting vulnerability exists in Synology Calendar versions prior to 2.4.5-10930. The vulnerability stems from the program's lack of data...
Synology DiskStation Manager In-Thread Competitive Condition Vulnerability
DiskStation Manager DSM is an operating system that runs on all Synology NAS and can be operated through an intuitive web interface. An in-thread race condition vulnerability exists in iscsisnapshotcommcore in Synology DiskStation Manager versions prior to 6.2.3-25426-3. A remote attacker can...
Default credentials
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:blank and admin:blank . A remote network attacker can gain privileged access to a vulnerable device...
CVE-2016-6554
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:blank and admin:blank . A remote network attacker can gain privileged access to a vulnerable device...
CVE-2016-6554
Affected products: Synology NAS DS107 (firmware 3.1-1639 and earlier), DS116, and DS213 (firmware earlier than 5.2-5644-1). Vulnerability: use of non-random default credentials (guest: blank, admin: blank) allows a remote network attacker to gain privileged access. Impact: attacker could obtain p...
CVE-2016-6554 Synology NAS servers DS107, DS116, and DS213, use default credentials
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:blank and admin:blank . A remote network attacker can gain privileged access to a vulnerable device...
Siaberry 1.2.2 - Command Injection Vulnerability
Exploit for hardware platform in category web applications Siaberry's Command Injection Vulnerability Today, I’d like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying a...
Synology Photostation 6.7.2-3429 - Multiple Vulnerabilities
Synology Photostation 6.7.2-3429 - Multiple Vulnerabilities Synology Photostation Multiple Vulnerabilities Vendor: Synology Product: Synology Photostation Version: = 6.7.2-3429 Website: http://www.synology.com / / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// //...
Synology StorageManager 5.2 - Root Remote Command Execution
''' SSD Advisory – Synology StorageManager smart.cgi Remote Command Execution Full report: https://blogs.securiteam.com/index.php/archives/3540 Twitter: @SecuriTeamSSD Weibo: SecuriTeamSSD Vulnerability Summary The following advisory describes a remote command execution vulnerability found in...
Synology StorageManager 5.2 - Remote Root Command Execution Exploit
Exploit for cgi platform in category web applications ''' SSD Advisory – Synology StorageManager smart.cgi Remote Command Execution Full report: https://blogs.securiteam.com/index.php/archives/3540 Twitter: @SecuriTeamSSD Weibo: SecuriTeamSSD Vulnerability Summary The following advisory describes...
Synology NAS servers contain insecure default credentials
Overview Synology NAS servers DS107, DS116, and DS213, use default credentials. Description CWE-255: Credentials Management - CVE-2016-6554Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials o...
Synology NAS / DiskStation Manager Detection (HTTP)
HTTP based detection of Synology NAS devices, DiskStation Manager DSM OS and application. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...