Diskstation Manager@4.3-3810 Security Vulnerabilities and Issues — Diskstation Manager@4.3-3810 CVE List

Lucene search

SynologyDiskstation Manager4.3-3810

3 matches found

CVE•added 2014/01/09 6:7 p.m.•96 views

CVE-2013-6955

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.

10CVSS7.1AI score0.88181EPSS

CVE•added 2013/12/31 4:4 p.m.•61 views

CVE-2013-6987

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to...

7.5CVSS7AI score0.30281EPSS

CVE•added 2014/03/02 5:55 p.m.•50 views

CVE-2014-2264

The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.

7.8CVSS6.9AI score0.00383EPSS