CVE-2017-11156 (GCVE-0-2017-11156)
Vulnerability from cvelistv5
Published
2017-08-14 19:00
Modified
2024-09-16 19:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions ()
Summary
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synology | Synology Download Station |
Version: 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Synology Download Station",
"vendor": "Synology",
"versions": [
{
"status": "affected",
"version": "3.8.x before 3.8.5-3475 and 3.x before 3.5-2984"
}
]
}
],
"datePublic": "2017-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions (CWE-276)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-14T18:57:01",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2017-08-11T00:00:00",
"ID": "CVE-2017-11156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Synology Download Station",
"version": {
"version_data": [
{
"version_value": "3.8.x before 3.8.5-3475 and 3.x before 3.5-2984"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Default Permissions (CWE-276)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2017-11156",
"datePublished": "2017-08-14T19:00:00Z",
"dateReserved": "2017-07-10T00:00:00",
"dateUpdated": "2024-09-16T19:36:36.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-11156\",\"sourceIdentifier\":\"security@synology.com\",\"published\":\"2017-08-14T19:29:01.147\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Synology Download Station 3.8.x en versiones anteriores a la 3.8.5-3475 y 3.x en versiones anteriores a la 3.5-2984 emplea permisos d\u00e9biles (0777) para el directorio ui/dlm/btsearch, lo que permite que usuarios remotos autenticados ejecuten c\u00f3digo arbitrario mediante la subida de un archivo ejecutable usando vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@synology.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.2-2295:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"388EC850-91FB-495E-8CC1-E3B6468A7D05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.3-2382:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0EE8CB0-5D39-4361-B17F-D073377B8E22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.3-2383:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEF5E40E-AFF1-4548-8F80-61D11A658C44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.3-2386:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87DAD7D7-C695-4C6A-9674-199C61604B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.4-2477:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47302F69-2ED0-431E-82EE-16942C8B14B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.4-2478:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74EF711B-10DA-4356-8ED0-FFF08BDB0A7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.4-2480:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"400A6164-B4D7-4988-B16A-E3CFABDB995D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.4-2485:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D5F75FA-B343-4513-B92C-5F3D89DEB2AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.4-2486:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C5D8FDA-BE01-440A-93F5-0314C15B345C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.4-2489:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"043E910E-9129-43C9-B27F-0A8C6AC9D44A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.4-2490:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD3DD08D-4025-424B-8B6D-6F45F64BA1BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.4-2514:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B4ED375-025B-4C51-B8B4-DDAFE550C7E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.4-2555:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2FA562D-F3C5-43D3-8FF2-5C3BC84B23C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.4-2557:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C3688F1-5EFC-4611-9976-85EAF9595255\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.4-2558:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99FBB132-BF8D-4B95-A32A-12B40E85C1FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2638:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FC3C6CE-9E0F-499F-B3AC-2D9F21289670\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2705:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B93E493C-1889-40B3-B8C7-0F4D0B6B72DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2706:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4712A752-7F18-45B0-A333-287734E6B46B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2955:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"971F5675-E834-48FE-AED6-0D06E554FEED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2956:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34FFE8AC-9E8B-4435-B6A7-B876AFF4D669\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2962:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD9AD47A-71CA-4E9F-B4BB-49C664BFFDAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2963:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98D5E19B-A34F-4FD1-AC8E-005E6F565ED6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2967:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"858B2972-78D9-496D-B61D-BB38F5CC8B46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2968:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645A9A0B-F0D1-4122-A5D4-E12D32AA8633\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2970:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CD9E764-07E4-44F0-B268-7BFFE1E91F78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2973:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61DFFD31-8496-4B23-8AA0-05D895A4FF54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2980:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFB54B93-7F72-4797-8620-552EB9971B0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.5-2982:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45D6CEC0-9BAE-4627-A57A-5DBA81A39AF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.8.0-3416:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27981034-F4ED-47B7-9A87-D5EAD8BB4EDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.8.1-3420:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E525F0C-1D37-447D-A688-6FD87822889C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.8.2-3455:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3240461-598E-4C41-9234-400AAAEE32B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.8.3-3458:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D36302B-9478-4348-8059-D89BEC858F87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:download_station:3.8.4-3468:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFFA7620-E000-448D-BEC2-9EEC47649334\"}]}]}],\"references\":[{\"url\":\"https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station\",\"source\":\"security@synology.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…