File and Directory Information Exposure in Synology Surveillance Station
CVE-2017-16770

6.5MEDIUM

Key Information:

Vendor: Synology
Status: Surveillance Station
Vendor: CVE Published:; 27 February 2018

What is CVE-2017-16770?

A vulnerability exists in Synology Surveillance Station that allows remote authenticated users to access sensitive files from other users. Specifically, the flaw resides in the SYNO.SurveillanceStation.PersonalSettings.Photo component, where improper handling of the filename parameter can lead to exposure of private information. This affects all versions of Surveillance Station prior to 8.1.2-5469, emphasizing the need for prompt updates to protect user data from unauthorized access.

Affected Version(s)

Surveillance Station before 8.1.2-5469

References

https://www.synology.com/en-global/support/security/Synol...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2018
Vulnerability Reserved
Nov 10, 2017