Directory Traversal Vulnerability in Synology DNS Server
CVE-2017-12074

6.5MEDIUM

Key Information:

Vendor: Synology
Status: Synology Dns Server
Vendor: CVE Published:; 24 August 2017

What is CVE-2017-12074?

The vulnerability in Synology DNS Server before version 2.2.1-3042 allows remote authenticated attackers to exploit directory traversal weaknesses. By manipulating the 'domain_name' parameter, attackers can write arbitrary files on the server, potentially leading to unauthorized access or modification of sensitive data. This security flaw underscores the importance of applying security updates and ensuring proper access controls to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Synology DNS Server before 2.2.1-3042

References

https://www.synology.com/en-global/support/security/Synol...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 24, 2017
Vulnerability Reserved
Jul 31, 2017

JSON

Synology

What is CVE-2017-12074?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.