CVE-2016-6554
Synology NAS servers DS107, DS116, and DS213, use default credentials
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device.
Los servidores Synology NAS DS107, en versiones de firmware 3.1-1639 y anteriores; y DS116 y DS213, en versiones de firmware anteriores a la 5.2-5644-1, emplea credenciales por defecto no aleatorias de: uest:(en blanco) y admin:(en blanco) . Un atacante remoto en la red puede obtener acceso privilegiado a un dispositivo vulnerable.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-08-03 CVE Reserved
- 2018-07-13 CVE Published
- 2024-03-01 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://www.kb.cert.org/vuls/id/404187 | Third Party Advisory |
|
| https://www.securityfocus.com/bid/93805 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.synology.com/en-global/releaseNote/DS213 | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Synology Search vendor "Synology" | Ds107 Firmware Search vendor "Synology" for product "Ds107 Firmware" | <= 3.1-1639 Search vendor "Synology" for product "Ds107 Firmware" and version " <= 3.1-1639" | - |
Affected
| in | Synology Search vendor "Synology" | Ds107 Search vendor "Synology" for product "Ds107" | - | - |
Safe
|
| Synology Search vendor "Synology" | Ds213 Firmware Search vendor "Synology" for product "Ds213 Firmware" | <= 5.2-5644-1 Search vendor "Synology" for product "Ds213 Firmware" and version " <= 5.2-5644-1" | - |
Affected
| in | Synology Search vendor "Synology" | Ds213 Search vendor "Synology" for product "Ds213" | - | - |
Safe
|
| Synology Search vendor "Synology" | Ds116 Firmware Search vendor "Synology" for product "Ds116 Firmware" | <= 5.2-5644-1 Search vendor "Synology" for product "Ds116 Firmware" and version " <= 5.2-5644-1" | - |
Affected
| in | Synology Search vendor "Synology" | Ds116 Search vendor "Synology" for product "Ds116" | - | - |
Safe
|