
CVE-2017-9554

Published: 24/07/2017 | Updated: 12/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 506
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) prior to 6.1.3-15152 allows remote malicious users to enumerate valid usernames via unspecified vectors.

Vulnerable Product

synology diskstation manager

Exploits

# Exploit Title: Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration
# Date: 01/05/2018
# Exploit Author: Steve Kaun
# Vendor Homepage: www.synology.com
# Version: Before 6.1.3-15152
# CVE : CVE-2017-9554
Previously this was identified by the developer and the disclosure states "via unspecified vecto ...

Synology DiskStation Manager (DSM) versions prior to 6.1.3-15152 suffer from a forget_passwd.cgi user enumeration vulnerability ...

Github Repositories

Tiny script to enumerate users using CVE-2017-9554 (forget_passwd.cgi)

Synology DiskStation User Enumeration (CVE-2017-9554)
Basic script to enumerate valid users on Synology DiskStation < v6.1.3-15152

CVE-2017-9554 Exploit Tool

CVE-2017-9554-Exploit-Tool
CVE-2017-9554 Exploit Tool
Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration EXPLOIT Tool
Exploit Author : Steve Kaun
Exploit Tool Author : Ez0-yf
Vendor Homepage : www.synology.com
Version : Before 6.1.3-15152
CVE : CVE-2017-9554