Synology Download Station 3.8.x prior to 3.8.5-3475 and 3.x prior to 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
synology download station 3.5-2973 |
||
synology download station 3.5-2970 |
||
synology download station 3.5-2968 |
||
synology download station 3.5-2967 |
||
synology download station 3.4-2489 |
||
synology download station 3.4-2486 |
||
synology download station 3.4-2485 |
||
synology download station 3.4-2480 |
||
synology download station 3.4-2478 |
||
synology download station 3.8.0-3416 |
||
synology download station 3.5-2980 |
||
synology download station 3.5-2963 |
||
synology download station 3.5-2956 |
||
synology download station 3.4-2555 |
||
synology download station 3.4-2490 |
||
synology download station 3.3-2386 |
||
synology download station 3.3-2382 |
||
synology download station 3.8.4-3468 |
||
synology download station 3.8.3-3458 |
||
synology download station 3.8.2-3455 |
||
synology download station 3.5-2706 |
||
synology download station 3.5-2705 |
||
synology download station 3.5-2638 |
||
synology download station 3.4-2558 |
||
synology download station 3.2-2295 |
||
synology download station 3.8.1-3420 |
||
synology download station 3.5-2982 |
||
synology download station 3.5-2962 |
||
synology download station 3.5-2955 |
||
synology download station 3.4-2557 |
||
synology download station 3.4-2514 |
||
synology download station 3.4-2477 |
||
synology download station 3.3-2383 |
Vulmon