Path Traversal Vulnerability in Synology Audio Station
CVE-2022-27611

5.4MEDIUM

Key Information:

Vendor: Synology
Status: Audio Station
Vendor: CVE Published:; 28 July 2022

Summary

A path traversal vulnerability in the webapi component of Synology Audio Station versions prior to 6.5.4-3367 permits remote authenticated users to delete arbitrary files. This flaw arises from improper restrictions on pathname handling that could be exploited by attackers to manipulate file paths, leading to unauthorized file access and deletions. Effective measures need to be implemented to mitigate risks associated with this vulnerability.

Affected Version(s)

Audio Station < 6.5.4-3367

References

https://www.synology.com/security/advisory/Synology_SA_21_21

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 28, 2022
Vulnerability Reserved
Mar 21, 2022