Synology-SA-17:21 Photo Station
Publish Time: UTC+8
Last Updated: UTC+8
- Severity: Moderate
- Status: Resolved
Abstract
CVE-2017-9552 has been found in Photo Station and allows local users to obtain sensitive information of other users.
Affected
- Products: Photo Station
- Models: All Synology NAS models
Description
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline.
The Synology Security Team triaged the CVSS vector of this vulnerability as CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N.
Mitigation
None
Update Availability
To fix the security issue, go to DSM > Package Center, and update Photo Station to the latest version (6.7.2-3429).
Acknowledgement
Synology would like to thank Frédéric Crozat for reporting this issue.