CVE-2017-15895: Path Traversal
First published: Fri Dec 08 2017(Updated: )
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Router Manager | <1.1.5-6542-4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2017-15895?
CVE-2017-15895 is a directory traversal vulnerability in the SYNO.FileStation.Extract component in Synology Router Manager (SRM) before version 1.1.5-6542-4.
How does CVE-2017-15895 impact the Synology Router Manager?
CVE-2017-15895 allows remote authenticated users to write arbitrary files on the Synology Router Manager by exploiting the directory traversal vulnerability in the SYNO.FileStation.Extract component.
What is the severity rating of CVE-2017-15895?
CVE-2017-15895 has a severity rating of 6.5 out of 10 (medium severity).
How can I fix the directory traversal vulnerability in Synology Router Manager (SRM) related to CVE-2017-15895?
To fix the directory traversal vulnerability related to CVE-2017-15895, ensure that you have updated Synology Router Manager to version 1.1.5-6542-4 or later.
Where can I find more information about CVE-2017-15895?
You can find more information about CVE-2017-15895 on the Synology website at https://www.synology.com/en-global/support/security/Synology_SA_17_71_SRM.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/synology
- canonical/synology router manager