CVE-2017-11156
First published: Mon Aug 14 2017(Updated: )
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Download Station | =3.2-2295 | |
| Synology Download Station | =3.3-2382 | |
| Synology Download Station | =3.3-2383 | |
| Synology Download Station | =3.3-2386 | |
| Synology Download Station | =3.4-2477 | |
| Synology Download Station | =3.4-2478 | |
| Synology Download Station | =3.4-2480 | |
| Synology Download Station | =3.4-2485 | |
| Synology Download Station | =3.4-2486 | |
| Synology Download Station | =3.4-2489 | |
| Synology Download Station | =3.4-2490 | |
| Synology Download Station | =3.4-2514 | |
| Synology Download Station | =3.4-2555 | |
| Synology Download Station | =3.4-2557 | |
| Synology Download Station | =3.4-2558 | |
| Synology Download Station | =3.5-2638 | |
| Synology Download Station | =3.5-2705 | |
| Synology Download Station | =3.5-2706 | |
| Synology Download Station | =3.5-2955 | |
| Synology Download Station | =3.5-2956 | |
| Synology Download Station | =3.5-2962 | |
| Synology Download Station | =3.5-2963 | |
| Synology Download Station | =3.5-2967 | |
| Synology Download Station | =3.5-2968 | |
| Synology Download Station | =3.5-2970 | |
| Synology Download Station | =3.5-2973 | |
| Synology Download Station | =3.5-2980 | |
| Synology Download Station | =3.5-2982 | |
| Synology Download Station | =3.8.0-3416 | |
| Synology Download Station | =3.8.1-3420 | |
| Synology Download Station | =3.8.2-3455 | |
| Synology Download Station | =3.8.3-3458 | |
| Synology Download Station | =3.8.4-3468 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11156?
CVE-2017-11156 has a high severity due to its potential for remote code execution.
How do I fix CVE-2017-11156?
To fix CVE-2017-11156, upgrade Synology Download Station to version 3.8.5-3475 or later.
What are the affected versions for CVE-2017-11156?
CVE-2017-11156 affects Synology Download Station versions prior to 3.8.5-3475 and 3.x versions earlier than 3.5-2984.
Can unauthorized users exploit CVE-2017-11156?
CVE-2017-11156 requires authenticated users to exploit the weak permissions for code execution.
What type of vulnerability is CVE-2017-11156?
CVE-2017-11156 is a vulnerability that allows for execution of arbitrary code due to improper file permission settings.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/author
- agent/references
- agent/softwarecombine
- agent/severity
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- vendor/synology
- canonical/synology download station
- version/synology download station/3.2-2295
- version/synology download station/3.3-2382
- version/synology download station/3.3-2383
- version/synology download station/3.3-2386
- version/synology download station/3.4-2477
- version/synology download station/3.4-2478
- version/synology download station/3.4-2480
- version/synology download station/3.4-2485
- version/synology download station/3.4-2486
- version/synology download station/3.4-2489
- version/synology download station/3.4-2490
- version/synology download station/3.4-2514
- version/synology download station/3.4-2555
- version/synology download station/3.4-2557
- version/synology download station/3.4-2558
- version/synology download station/3.5-2638
- version/synology download station/3.5-2705
- version/synology download station/3.5-2706
- version/synology download station/3.5-2955
- version/synology download station/3.5-2956
- version/synology download station/3.5-2962
- version/synology download station/3.5-2963
- version/synology download station/3.5-2967
- version/synology download station/3.5-2968
- version/synology download station/3.5-2970
- version/synology download station/3.5-2973
- version/synology download station/3.5-2980
- version/synology download station/3.5-2982
- version/synology download station/3.8.0-3416
- version/synology download station/3.8.1-3420
- version/synology download station/3.8.2-3455
- version/synology download station/3.8.3-3458
- version/synology download station/3.8.4-3468