What is the severity of CVE-2016-6554?

CVE-2016-6554 poses a high security risk due to the use of non-random default credentials that can allow unauthorized access.

How do I fix CVE-2016-6554?

To resolve CVE-2016-6554, update the firmware of affected Synology NAS devices to the latest version that addresses this vulnerability.

Which Synology devices are affected by CVE-2016-6554?

CVE-2016-6554 affects the Synology NAS servers DS107 with firmware version 3.1-1639 and prior, and DS116, DS213 with firmware versions prior to 5.2-5644-1.

What kind of access can be gained through CVE-2016-6554?

A remote attacker can gain privileged access to a vulnerable Synology NAS device through CVE-2016-6554.

What are the default credentials vulnerable in CVE-2016-6554?

The default credentials exposed in CVE-2016-6554 are guest with a blank password and admin with a blank password.

Vulnerability/
CVE-2016-6554

critical

CWE

255

13/7/2018

6/8/2024

CVE-2016-6554: Synology NAS servers DS107, DS116, and DS213, use default credentials

First published: Fri Jul 13 2018(Updated: )

Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
Synology Ds107 Firmware	<=3.1-1639
Synology Ds107
Synology Ds213 Firmware	<=5.2-5644-1
Synology Ds213
Synology Ds116 Firmware	<=5.2-5644-1
Synology Ds116

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6554?
CVE-2016-6554 poses a high security risk due to the use of non-random default credentials that can allow unauthorized access.
How do I fix CVE-2016-6554?
To resolve CVE-2016-6554, update the firmware of affected Synology NAS devices to the latest version that addresses this vulnerability.
Which Synology devices are affected by CVE-2016-6554?
CVE-2016-6554 affects the Synology NAS servers DS107 with firmware version 3.1-1639 and prior, and DS116, DS213 with firmware versions prior to 5.2-5644-1.
What kind of access can be gained through CVE-2016-6554?
A remote attacker can gain privileged access to a vulnerable Synology NAS device through CVE-2016-6554.
What are the default credentials vulnerable in CVE-2016-6554?
The default credentials exposed in CVE-2016-6554 are guest with a blank password and admin with a blank password.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/author
agent/title
agent/references
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/synology
canonical/synology ds107 firmware
version/synology ds107 firmware/3.1-1639
canonical/synology ds107
canonical/synology ds213 firmware
version/synology ds213 firmware/5.2-5644-1
canonical/synology ds213
canonical/synology ds116 firmware
version/synology ds116 firmware/5.2-5644-1
canonical/synology ds116

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.