6.5
CVE-2017-11149
- EPSS 0.28%
- Published 14.08.2017 19:29:00
- Last modified 20.04.2025 01:37:25
- Source security@synology.com
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.
Data provided by the National Vulnerability Database (NVD)
Synology ≫ Download Station Version 3.2-2295
Synology ≫ Download Station Version 3.3-2382
Synology ≫ Download Station Version 3.3-2383
Synology ≫ Download Station Version 3.3-2386
Synology ≫ Download Station Version 3.4-2477
Synology ≫ Download Station Version 3.4-2478
Synology ≫ Download Station Version 3.4-2480
Synology ≫ Download Station Version 3.4-2485
Synology ≫ Download Station Version 3.4-2486
Synology ≫ Download Station Version 3.4-2489
Synology ≫ Download Station Version 3.4-2490
Synology ≫ Download Station Version 3.4-2514
Synology ≫ Download Station Version 3.4-2555
Synology ≫ Download Station Version 3.4-2557
Synology ≫ Download Station Version 3.4-2558
Synology ≫ Download Station Version 3.5-2638
Synology ≫ Download Station Version 3.5-2705
Synology ≫ Download Station Version 3.5-2706
Synology ≫ Download Station Version 3.5-2955
Synology ≫ Download Station Version 3.5-2956
Synology ≫ Download Station Version 3.5-2962
Synology ≫ Download Station Version 3.5-2963
Synology ≫ Download Station Version 3.5-2967
Synology ≫ Download Station Version 3.5-2968
Synology ≫ Download Station Version 3.5-2970
Synology ≫ Download Station Version 3.5-2973
Synology ≫ Download Station Version 3.5-2980
Synology ≫ Download Station Version 3.5-2982
Synology ≫ Download Station Version 3.8.0-3416
Synology ≫ Download Station Version 3.8.1-3420
Synology ≫ Download Station Version 3.8.2-3455
Synology ≫ Download Station Version 3.8.3-3458
Synology ≫ Download Station Version 3.8.4-3468
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.28% | 0.487 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.