SQL Injection Vulnerability in Synology Video Station Products
CVE-2015-6910

Currently unrated

Key Information:

Vendor: Synology
Status: Video Station
Vendor: CVE Published:; 11 September 2015

Summary

An SQL injection vulnerability exists in Synology Video Station versions prior to 1.5-0757. This flaw enables remote attackers to execute arbitrary SQL commands through the 'id' parameter in the audiotrack.cgi script, potentially compromising the integrity and availability of the application. Users of affected versions are urged to upgrade to the latest release to secure their installations and protect against unauthorized access.

References

https://www.synology.com/en-global/support/security/Video...

x_refsource_CONFIRM

https://www.securify.nl/advisory/SFY20150810/synology_vid...

x_refsource_MISC

https://www.synology.com/en-global/releaseNote/VideoStati...

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 11, 2015
Vulnerability Reserved
Sep 11, 2015