CWE
918
Advisory Published
Updated

CVE-2017-11149: SSRF

First published: Fri Aug 11 2017(Updated: )

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.

Credit: security@synology.com

Affected SoftwareAffected VersionHow to fix
Synology Download Station=3.2-2295
Synology Download Station=3.3-2382
Synology Download Station=3.3-2383
Synology Download Station=3.3-2386
Synology Download Station=3.4-2477
Synology Download Station=3.4-2478
Synology Download Station=3.4-2480
Synology Download Station=3.4-2485
Synology Download Station=3.4-2486
Synology Download Station=3.4-2489
Synology Download Station=3.4-2490
Synology Download Station=3.4-2514
Synology Download Station=3.4-2555
Synology Download Station=3.4-2557
Synology Download Station=3.4-2558
Synology Download Station=3.5-2638
Synology Download Station=3.5-2705
Synology Download Station=3.5-2706
Synology Download Station=3.5-2955
Synology Download Station=3.5-2956
Synology Download Station=3.5-2962
Synology Download Station=3.5-2963
Synology Download Station=3.5-2967
Synology Download Station=3.5-2968
Synology Download Station=3.5-2970
Synology Download Station=3.5-2973
Synology Download Station=3.5-2980
Synology Download Station=3.5-2982
Synology Download Station=3.8.0-3416
Synology Download Station=3.8.1-3420
Synology Download Station=3.8.2-3455
Synology Download Station=3.8.3-3458
Synology Download Station=3.8.4-3468

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203