CVE-2010-3684
First published: Wed Sep 29 2010(Updated: )
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology DiskStation Manager | =2.2-0942 | |
| Synology DiskStation Manager | =2.2-1041 | |
| Synology DiskStation Manager | =2.2-1042 | |
| Synology DiskStation Manager | =2.2-1045 | |
| Synology DiskStation Manager | =2.3-1139 | |
| Synology DiskStation Manager | =2.3-1141 | |
| Synology DiskStation Manager | =2.3-1144 | |
| Synology DiskStation Manager | =2.3-1157 | |
| Synology DiskStation Manager | =2.3-1161 | |
| Synology Disk Station DS1010+ | ||
| Synology Disk Station DS109 | ||
| Synology Disk Station DS110+ | ||
| Synology Disk Station DS110j | ||
| Synology DiskStation DS209 | ||
| Synology Disk Station DS210+ | ||
| Synology DiskStation DS210j | ||
| Synology Disk Station DS409slim | ||
| Synology Disk Station DS410 | ||
| Synology Disk Station DS410j | ||
| Synology DiskStation DS411+ | ||
| Synology DiskStation DS710+ |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-3684?
CVE-2010-3684 has a medium severity rating due to its potential to expose sensitive information.
How do I fix CVE-2010-3684?
To fix CVE-2010-3684, you should update the Synology Disk Station firmware to the latest version that addresses this vulnerability.
What versions of Synology Disk Station are affected by CVE-2010-3684?
CVE-2010-3684 affects Synology Disk Station DSM 2.x versions, specifically 2.2-0942, 2.2-1041, 2.2-1042, 2.2-1045, and 2.3-1139 to 2.3-1161.
How does CVE-2010-3684 operate?
CVE-2010-3684 operates by logging passwords to the web interface on unsuccessful FTP login attempts, which can be accessed by local users.
Who is at risk of CVE-2010-3684?
Local users with access to the Synology Disk Station systems running affected versions are at risk from CVE-2010-3684.
- collector/nvd-historical
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/synology
- canonical/synology diskstation manager
- version/synology diskstation manager/2.2-0942
- version/synology diskstation manager/2.2-1041
- version/synology diskstation manager/2.2-1042
- version/synology diskstation manager/2.2-1045
- version/synology diskstation manager/2.3-1139
- version/synology diskstation manager/2.3-1141
- version/synology diskstation manager/2.3-1144
- version/synology diskstation manager/2.3-1157
- version/synology diskstation manager/2.3-1161
- canonical/synology disk station ds1010+
- canonical/synology disk station ds109
- canonical/synology disk station ds110+
- canonical/synology disk station ds110j
- canonical/synology diskstation ds209
- canonical/synology disk station ds210+
- canonical/synology diskstation ds210j
- canonical/synology disk station ds409slim
- canonical/synology disk station ds410
- canonical/synology disk station ds410j
- canonical/synology diskstation ds411+
- canonical/synology diskstation ds710+