2.1
CVSSv2

CVE-2017-9552

Published: 13/06/2017 Updated: 09/10/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A design flaw in authentication in Synology Photo Station 6.0-2528 up to and including 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

synology photo station 6.0-2528

synology photo station 6.0-2636

synology photo station 6.0-2638

synology photo station 6.0-2639

synology photo station 6.0-2640

synology photo station 6.3-2944

synology photo station 6.3-2958

synology photo station 6.3-2960

synology photo station 6.3-2962

synology photo station 6.3-2963

synology photo station 6.3-2964

synology photo station 6.3-2965

synology photo station 6.4-3166

synology photo station 6.5.0-3218

synology photo station 6.5.1-3223

synology photo station 6.5.2-3225

synology photo station 6.5.3-3226

synology photo station 6.6.0-3339

synology photo station 6.6.1-3345

synology photo station 6.6.1-3346

synology photo station 6.6.2-3346

synology photo station 6.6.3-3347

synology photo station 6.7.0-3414

synology photo station 6.7.1-3419