CVE-2017-9554: Infoleak
First published: Mon Jul 24 2017(Updated: )
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Photos Diskstation Manager | <=6.1.1-15101-4 | |
| Synology Photos Diskstation Manager | <=6.1.1-15101-4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-9554?
CVE-2017-9554 has been identified as a moderate severity information exposure vulnerability.
How do I fix CVE-2017-9554?
To mitigate CVE-2017-9554, users should upgrade to Synology DiskStation Manager version 6.1.3-15152 or later.
What type of attack is made possible by CVE-2017-9554?
CVE-2017-9554 allows remote attackers to enumerate valid usernames on affected Synology DiskStation Managers.
Which versions of Synology DiskStation Manager are affected by CVE-2017-9554?
CVE-2017-9554 affects Synology DiskStation Manager versions up to and including 6.1.1-15101-4.
Is my data at risk due to CVE-2017-9554?
Yes, CVE-2017-9554 poses a risk as it enables attackers to discover valid usernames, potentially leading to further exploitation.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- vendor/synology
- canonical/synology photos diskstation manager
- version/synology photos diskstation manager/6.1.1-15101-4