Synology-SA-18:14 DSM

Publish Time: 2018-03-27 16:02:31 UTC+8

Last Updated: 2018-03-27 16:02:31 UTC+8

Severity: Important

Status: Resolved

Abstract

Multiple vulnerabilities allow remote attackers to steal credentials or inject arbitrary web script or HTML via a susceptible version of Synology DiskStation Manager (DSM).

Affected Products

Product | Severity | Fixed Release Availability
DSM 6.1 | Important | Upgrade to 6.1.6-15266 or above.
DSM 6.0 | Important | Upgrade to 6.1.6-15266 or above.
DSM 5.2 | Important | Upgrade to 6.1.6-15266 or above.

Mitigation

None

Detail

Reserved

Acknowledgement

  • Xie Wei (解炜)

  • 1N3@CrowdShield (https://crowdshield.com)

  • Taien Wang (https://www.linkedin.com/in/taienwang/)

Revision

Revision | Date | Description
1 | 2018-03-27 | Initial public release.