CVE-2017-9552

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:synology:photo_station:6.0-2636:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.5.2-3225:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.3-2963:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.3-2962:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.0-2640:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.6.2-3346:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.3-2965:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.6.1-3346:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.3-2964:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.5.1-3223:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.5.0-3218:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.6.1-3345:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.3-2960:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.7.1-3419:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.0-2638:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.6.3-3347:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.4-3166:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.7.0-3414:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.6.0-3339:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.0-2639:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.3-2944:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.0-2528:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.5.3-3226:*:*:*:*:*:*:*
cpe:2.3:a:synology:photo_station:6.3-2958:*:*:*:*:*:*:*

Information

Published : 2017-06-13 06:29

Updated : 2019-10-09 16:30


NVD link : CVE-2017-9552

Mitre link : CVE-2017-9552


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

synology

  • photo_station