Описание
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:synology:dsm:2.2-0942:*:*:*:*:*:*:*
cpe:2.3:o:synology:dsm:2.2-1041:*:*:*:*:*:*:*
cpe:2.3:o:synology:dsm:2.2-1042:*:*:*:*:*:*:*
cpe:2.3:o:synology:dsm:2.2-1045:*:*:*:*:*:*:*
cpe:2.3:o:synology:dsm:2.3-1139:*:*:*:*:*:*:*
cpe:2.3:o:synology:dsm:2.3-1141:*:*:*:*:*:*:*
cpe:2.3:o:synology:dsm:2.3-1144:*:*:*:*:*:*:*
cpe:2.3:o:synology:dsm:2.3-1157:*:*:*:*:*:*:*
cpe:2.3:o:synology:dsm:2.3-1161:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:synology:disk_station_ds1010\+:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:disk_station_ds109:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:disk_station_ds110\+:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:disk_station_ds110j:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:disk_station_ds209:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:disk_station_ds210\+:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:disk_station_ds210j:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:disk_station_ds409slim:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:disk_station_ds410:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:disk_station_ds410j:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:disk_station_ds411\+:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:disk_station_ds710\+:*:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00124
Низкий
2.1 Low
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
больше 3 лет назад
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
EPSS
Процентиль: 32%
0.00124
Низкий
2.1 Low
CVSS2
Дефекты
CWE-255