Information Exposure Vulnerability in Synology Photo Station by Synology
CVE-2017-12080
5.3MEDIUM
Summary
An information exposure vulnerability exists in the default HTTP configuration of Synology Photo Station versions prior to 6.8.1-3458 and 6.3-2970. This flaw allows remote attackers to gain access to sensitive system information by exploiting an improperly configured .htaccess file. Organizations using affected versions should ensure their installations are updated to mitigate risks associated with unauthorized data access.
Affected Version(s)
Photo Station before 6.8.1-3458
Photo Station before 6.3-2970
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved