CVE-2017-11156
 
Severity Score: 7.8 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for the ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
Credits: N/A
Timeline
- 2017-07-10 CVE Reserved
- 2017-08-14 CVE Published
- 2024-03-14 EPSS Updated
- 2024-09-16 CVE Updated
CWE
- CWE-276: Incorrect Default Permissions
- CWE-732: Incorrect Permission Assignment for Critical Resource
References (1)
URL | Date | SRC |
---|---|---|
https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Synology | Download Station | 3.2-2295 | - | Affected |
Synology | Download Station | 3.3-2382 | - | Affected |
Synology | Download Station | 3.3-2383 | - | Affected |
Synology | Download Station | 3.3-2386 | - | Affected |
Synology | Download Station | 3.4-2477 | - | Affected |
Synology | Download Station | 3.4-2478 | - | Affected |
Synology | Download Station | 3.4-2480 | - | Affected |
Synology | Download Station | 3.4-2485 | - | Affected |
Synology | Download Station | 3.4-2486 | - | Affected |
Synology | Download Station | 3.4-2489 | - | Affected |
Synology | Download Station | 3.4-2490 | - | Affected |
Synology | Download Station | 3.4-2514 | - | Affected |
Synology | Download Station | 3.4-2555 | - | Affected |
Synology | Download Station | 3.4-2557 | - | Affected |
Synology | Download Station | 3.4-2558 | - | Affected |
Synology | Download Station | 3.5-2638 | - | Affected |
Synology | Download Station | 3.5-2705 | - | Affected |
Synology | Download Station | 3.5-2706 | - | Affected |
Synology | Download Station | 3.5-2955 | - | Affected |
Synology | Download Station | 3.5-2956 | - | Affected |
Synology | Download Station | 3.5-2962 | - | Affected |
Synology | Download Station | 3.5-2963 | - | Affected |
Synology | Download Station | 3.5-2967 | - | Affected |
Synology | Download Station | 3.5-2968 | - | Affected |
Synology | Download Station | 3.5-2970 | - | Affected |
Synology | Download Station | 3.5-2973 | - | Affected |
Synology | Download Station | 3.5-2980 | - | Affected |
Synology | Download Station | 3.5-2982 | - | Affected |
Synology | Download Station | 3.8.0-3416 | - | Affected |
Synology | Download Station | 3.8.1-3420 | - | Affected |
Synology | Download Station | 3.8.2-3455 | - | Affected |
Synology | Download Station | 3.8.3-3458 | - | Affected |
Synology | Download Station | 3.8.4-3468 | - | Affected |