Описание
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.8.16-3566 (исключая)
cpe:2.3:a:synology:download_station:*:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01637
Низкий
9.9 Critical
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-77
Связанные уязвимости
github
больше 3 лет назад
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
EPSS
Процентиль: 82%
0.01637
Низкий
9.9 Critical
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-77