Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
CVSS Information
N/A
Vulnerability Type
缺省权限不正确
Vulnerability Title
Synology Download Station 安全漏洞
Vulnerability Description
Synology Download Station是群晖(Synology)公司的一套基于Web的下载应用程序。该程序支持BT、FTP和HTTP等协议下载文件。 Synology Download Station 3.8.5-3475之前的3.8.x版本和3.5-2984之前的3.x版本中存在安全漏洞,该漏洞源于程序为ui/dlm/btsearch目录分配了弱权限(0777)。远程攻击者可通过上传可执行文件利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A