Check Point Advisories

Update Protection against Synology Disk Station FTP Login Web Commands Injection Vulnerability

Check Point Reference: CPAI-2010-270
Date Published: 30 Sep 2010
Severity: High
Last Updated: Friday 01 January, 2010
Source: Check Point Vulnerability Discovery Team
Industry Reference: CVE-2010-2453
Protection Provided by:
Who is Vulnerable? Synology Disk Station 2.x
Vulnerability Description: A remote command injection vulnerability has been discovered in Synology Disk Station. The Synology Disk Station is a storage product designed for small offices and home users. It supports several terabytes of total storage. A remote attacker may exploit this vulnerability to execute arbitrary commands on an affected system.
Update/Patch Available: Synology has released a new version, DSM3.0-1337: http://www.synology.com/support/download.php?lang=enu
Vulnerability Details: The vulnerability is due to insufficient validation by the Disk Station web interface when handling a malformed login command. Remote attackers could exploit this vulnerability by sending a specially crafted login command to a vulnerable system. Successful exploitation would allow the attacker to execute arbitrary commands on the affected system.

Protection Overview
