Synology-SA-17:76 Photo Station

Publish Time: 2017-12-07 15:14:06 UTC+8

Last Updated: 2018-02-24 19:26:34 UTC+8

Severity: Moderate
Status: Resolved

Abstract

A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Photo Station.

Updates for Affected Products

Product | Severity | Fixed Release Availability
Photo Station 6.8 | Moderate | Upgrade to 6.8.2-3461 or above.

Mitigation

None

Detail

  • CVE-2017-16769
    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    • Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.

Acknowledgement

Peter Bennink (https://www.linkedin.com/in/peter-bennink/)

Revision History

Revision | Date | Description
1 | 2017-12-07 | Initial public release.
2 | 2018-02-24 | Disclosed vulnerability details.