CVE-2017-11149 - Server-Side Request Forgery (SSRF)

Severity: 40%

Complexity: 80%

Confidentiality: 48%

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.

CVSS 3.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

Overview

Type: Synology Download Station

First reported 7 years ago: 2017-08-14 19:29:00

Last updated 5 years ago: 2019-10-09 23:21:00

Affected Software

Synology Download Station 3.2-2295
Synology Download Station 3.3-2382
Synology Download Station 3.3-2383
Synology Download Station 3.3-2386
Synology Download Station 3.4-2477
Synology Download Station 3.4-2478
Synology Download Station 3.4-2480
Synology Download Station 3.4-2485
Synology Download Station 3.4-2486
Synology Download Station 3.4-2489
Synology Download Station 3.4-2490
Synology Download Station 3.4-2514
Synology Download Station 3.4-2555
Synology Download Station 3.4-2557
Synology Download Station 3.4-2558
Synology Download Station 3.5-2638
Synology Download Station 3.5-2705
Synology Download Station 3.5-2706
Synology Download Station 3.5-2955
Synology Download Station 3.5-2956
Synology Download Station 3.5-2962
Synology Download Station 3.5-2967
Synology Download Station 3.5-2968
Synology Download Station 3.5-2970
Synology Download Station 3.5-2973
Synology Download Station 3.5-2980
Synology Download Station 3.5-2982
Synology Download Station 3.8.0-3416
Synology Download Station 3.8.1-3420
Synology Download Station 3.8.2-3455
Synology Download Station 3.8.3-3458
Synology Download Station 3.8.4-3468
