Synology-SA-20:20 Photo Station

Abstract

Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Photo Station.

Affected Products

^[1] Photo Station 6.3 has reached End-of-Life (EOL) status since 2019-07-01. For user who uses Photo Station 6.3, please upgrade to DSM 6.2 for the latest Photo Station 6.8.

Mitigation

None

Detail

• CVE-2021-29089

  • Severity: Critical
  • CVSS3 Base Score: 9.8
  • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.

• CVE-2021-29090

  • Severity: Important
  • CVSS3 Base Score: 7.2
  • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.

• CVE-2021-29091

  • Severity: Important
  • CVSS3 Base Score: 7.7
  • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
  • Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.

• CVE-2021-29092

  • Severity: Important
  • CVSS3 Base Score: 8.8
  • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.

Acknowledgement

Bing-Jhong Jheng

Revision