SQL Injection Vulnerability in Synology Video Station Software
CVE-2015-6911

Currently unrated

Key Information:

Vendor: Synology
Status: Video Station
Vendor: CVE Published:; 11 September 2015

Summary

The Synology Video Station is vulnerable to SQL injection, allowing remote attackers to manipulate the database by injecting arbitrary SQL commands through the 'id' parameter in the watchstatus.cgi script. This weakness can lead to unauthorized data access and modifications, posing significant security risks for users still running affected versions of the software.

References

https://www.securify.nl/advisory/SFY20150810/synology_vid...

x_refsource_MISC

https://www.synology.com/en-global/releaseNote/VideoStati...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/536427/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Sep 11, 2015
Vulnerability Reserved
Sep 11, 2015