Synology-SA-17:28 Download Station

2017-08-11 22:29:00

Severity
Critical
Status
Resolved

Abstract

Several vulnerabilities have been found in Download Station:

CVE-2017-11149 allows remote authenticated attackers to download arbitrary files from a vulnerable NAS.

CVE-2017-11156 allows remote authenticated attackers to execute arbitrary commands on a vulnerable NAS.

Severity

  • CVE-2017-11149
    • Moderate
    • CVSSv3 Base Score: 6.5
  • CVE-2017-11156
    • Critical
    • CVSSv3 Base Score: 8.8

Affected

  • Products
    • Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984
  • Models
    • All Synology NAS models

Description

  • CVE-2017-11149
    Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via a crafted URI.

  • CVE-2017-11156
    Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for the ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
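The standard hardening for the SSRF class described under CVE-2017-11149 (a downloader that fetches whatever URI an authenticated user submits, including local resources) is a scheme allowlist plus a check that every address the host resolves to is public. The validator below is an added example written for this advisory, not Synology's code; the `resolver` parameter is an assumption so the check can be exercised offline.

```python
import ipaddress
import socket
from typing import Callable, Iterable, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def _resolve_all(host: str) -> list:
    """Every address (A and AAAA) the name maps to, via the system resolver."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def _is_public(ip: str) -> bool:
    """True only for globally routable unicast addresses."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not (
        addr.is_private or addr.is_loopback or addr.is_link_local
        or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def check_download_url(url: str, resolver: Callable[[str], Iterable[str]] = _resolve_all) -> Tuple[bool, str]:
    """Return (ok, reason). Only http(s) is allowed, and every address the host
    resolves to must be public. `resolver` is injectable for offline tests."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:  # rejects file://, ftp://, ...
        return False, f"scheme not allowed: {parts.scheme or '<none>'}"
    host = parts.hostname  # userinfo/port stripped: http://x@127.0.0.1/ -> 127.0.0.1
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # IP literal, including bracketed IPv6: no lookup needed
    except ValueError:
        try:
            addrs = list(resolver(host))
        except OSError as exc:  # socket.gaierror is an OSError subclass
            return False, f"resolution failed: {exc}"
    if not addrs:
        return False, f"{host} resolved to no addresses"
    # Reject if *any* answer is internal; a name mixing public and private
    # addresses must not be trusted on its first answer alone.
    for ip in addrs:
        if not _is_public(ip):
            return False, f"{host} resolves to non-public address {ip}"
    # Caveat: connect to the address validated here, or re-check at connect
    # time; a second lookup by the fetcher can be rebound to an internal host.
    return True, "ok"
```

Hosts written in non-standard forms (octal or hex octets) fail the literal parse and go through the resolver, so they are judged by what they actually resolve to.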

Mitigation

None

Update Availability

To fix the security issues, please go to DSM > Package Center and install the latest version of Download Station.