2 matches found
Synology Download Station Arbitrary Code Execution Vulnerability
Synology Download Station is a set of web-based download applications from Synology. The program supports BT, FTP and HTTP protocols to download files. A security vulnerability exists in Synology Download Station version 3.8.x prior to 3.8.5-3475 and version 3.x prior to 3.5-2984, which stems fro...
CVE-2017-11156
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions 0777 for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors...