Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges.
CWE-284: Improper Access Control - CVE-2013-6955
Synology DiskStation Manager versions 4.3-3776-3 and below allow a remote unauthenticated user to append arbitrary data to files on the system under root privileges. According to Synology:
A remote unauthenticated attacker may be able to execute arbitrary code on the system under root privileges.
Apply an Update
Thanks to Markus Wulftange for reporting this vulnerability.
This document was written by Todd Lewellen.
Date First Published: 2014-01-07
Date Last Updated: 2014-01-07 18:07 UTC