Weak Permissions in Synology Download Station Allow Remote Code Execution
CVE-2017-11156
What is CVE-2017-11156?
Synology Download Station versions 3.8.x prior to 3.8.5-3475 and 3.x prior to 3.5-2984 exhibit a security flaw due to weak file permissions set to 0777 for the ui/dlm/btsearch directory. This misconfiguration permits remote authenticated users to upload executable files, potentially allowing them to execute arbitrary code on the server through various unspecified vectors. Users are strongly advised to upgrade to the latest versions to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved