Vulnerabilites related to synology - disk_station_ds410j
CVE-2010-3684 (GCVE-0-2010-3684)
Vulnerability from cvelistv5
Published
2010-09-29 16:00
Modified
2024-08-07 03:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/513970/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3684",
"datePublished": "2010-09-29T16:00:00",
"dateReserved": "2010-09-29T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2453 (GCVE-0-2010-2453)
Vulnerability from cvelistv5
Published
2010-09-29 16:00
Modified
2024-08-07 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/513970/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2453",
"datePublished": "2010-09-29T16:00:00",
"dateReserved": "2010-06-24T00:00:00",
"dateUpdated": "2024-08-07T02:32:16.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-09-29 17:00
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synology | dsm | 2.2-0942 | |
| synology | dsm | 2.2-1041 | |
| synology | dsm | 2.2-1042 | |
| synology | dsm | 2.2-1045 | |
| synology | dsm | 2.3-1139 | |
| synology | dsm | 2.3-1141 | |
| synology | dsm | 2.3-1144 | |
| synology | dsm | 2.3-1157 | |
| synology | dsm | 2.3-1161 | |
| synology | dsm | 3.0-1334 | |
| synology | disk_station_ds1010\+ | * | |
| synology | disk_station_ds109 | * | |
| synology | disk_station_ds110\+ | * | |
| synology | disk_station_ds110j | * | |
| synology | disk_station_ds209 | * | |
| synology | disk_station_ds210\+ | * | |
| synology | disk_station_ds210j | * | |
| synology | disk_station_ds409slim | * | |
| synology | disk_station_ds410 | * | |
| synology | disk_station_ds410j | * | |
| synology | disk_station_ds411\+ | * | |
| synology | disk_station_ds710\+ | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-0942:*:*:*:*:*:*:*",
"matchCriteriaId": "850A03A9-978D-4A60-90B2-A037023A34C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-1041:*:*:*:*:*:*:*",
"matchCriteriaId": "121E0EE0-0673-42AB-B7E2-CD6729BE26F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-1042:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB4A66B-FC2F-47A3-8480-695DE2D52979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-1045:*:*:*:*:*:*:*",
"matchCriteriaId": "F61AF3A3-09BD-4EE0-95A6-984CD8B1D71B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1139:*:*:*:*:*:*:*",
"matchCriteriaId": "7B20EE94-8F9F-45D1-97F1-C429D75E8666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1141:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC7BB6B-C5F5-42F1-B4B6-39B011C3515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1144:*:*:*:*:*:*:*",
"matchCriteriaId": "F02F59B2-0224-4CF6-AF55-C2A7B0919955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1157:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AADE49-1663-48E9-BEE4-E4FF955FC7F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1161:*:*:*:*:*:*:*",
"matchCriteriaId": "5D469DB1-81A7-4F57-833F-CC796C4391F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:3.0-1334:*:*:*:*:*:*:*",
"matchCriteriaId": "E14D8A0D-1621-4462-B683-8CB45AB24093",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:disk_station_ds1010\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B99359E4-8DFE-4995-9893-CCA6CEB4B8F9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds109:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68BC068B-16C8-4B4F-9851-4B5293FAEF68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds110\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1166EF93-847B-4D97-BE07-A6DE16B5E2A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds110j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14FF9E89-018F-4726-BBA3-4ADD1E73F021",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds209:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3B3E5F-7F93-424C-842D-6D9A793972F9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds210\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4719A127-3E49-4B74-AECB-023D17DB0528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds210j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10F66242-CE8F-4569-97CF-63312CC2D358",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds409slim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "294CBF5E-AB11-42A1-9466-B62224CE976F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds410:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF651B4-C186-40B5-8F76-9CD1983E919E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds410j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29EFF4D3-362B-40A2-8DEC-3BD20D2859F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds411\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC21A0D4-CB0F-4336-AF71-1DFE1DFDDE28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds710\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4D1826-8C3B-4789-A6AD-B5FCF9980936",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Synology Disk Station v2.x antes de DSM3.0-1337 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante la conexi\u00f3n al servidor FTP y proporciondo un comando (1) USER o (2) PASS manipulados, los cuales son escritos por el m\u00f3dulo de registro (log) del FTP a una ventana de registro de interfaz web, relacionadas con un problema de \"inyecci\u00f3n de comandos web\" ."
}
],
"id": "CVE-2010-2453",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-29T17:00:02.993",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-29 17:00
Modified
2025-04-11 00:51
Severity ?
Summary
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synology | dsm | 2.2-0942 | |
| synology | dsm | 2.2-1041 | |
| synology | dsm | 2.2-1042 | |
| synology | dsm | 2.2-1045 | |
| synology | dsm | 2.3-1139 | |
| synology | dsm | 2.3-1141 | |
| synology | dsm | 2.3-1144 | |
| synology | dsm | 2.3-1157 | |
| synology | dsm | 2.3-1161 | |
| synology | disk_station_ds1010\+ | * | |
| synology | disk_station_ds109 | * | |
| synology | disk_station_ds110\+ | * | |
| synology | disk_station_ds110j | * | |
| synology | disk_station_ds209 | * | |
| synology | disk_station_ds210\+ | * | |
| synology | disk_station_ds210j | * | |
| synology | disk_station_ds409slim | * | |
| synology | disk_station_ds410 | * | |
| synology | disk_station_ds410j | * | |
| synology | disk_station_ds411\+ | * | |
| synology | disk_station_ds710\+ | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-0942:*:*:*:*:*:*:*",
"matchCriteriaId": "850A03A9-978D-4A60-90B2-A037023A34C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-1041:*:*:*:*:*:*:*",
"matchCriteriaId": "121E0EE0-0673-42AB-B7E2-CD6729BE26F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-1042:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB4A66B-FC2F-47A3-8480-695DE2D52979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-1045:*:*:*:*:*:*:*",
"matchCriteriaId": "F61AF3A3-09BD-4EE0-95A6-984CD8B1D71B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1139:*:*:*:*:*:*:*",
"matchCriteriaId": "7B20EE94-8F9F-45D1-97F1-C429D75E8666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1141:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC7BB6B-C5F5-42F1-B4B6-39B011C3515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1144:*:*:*:*:*:*:*",
"matchCriteriaId": "F02F59B2-0224-4CF6-AF55-C2A7B0919955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1157:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AADE49-1663-48E9-BEE4-E4FF955FC7F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1161:*:*:*:*:*:*:*",
"matchCriteriaId": "5D469DB1-81A7-4F57-833F-CC796C4391F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:disk_station_ds1010\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B99359E4-8DFE-4995-9893-CCA6CEB4B8F9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds109:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68BC068B-16C8-4B4F-9851-4B5293FAEF68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds110\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1166EF93-847B-4D97-BE07-A6DE16B5E2A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds110j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14FF9E89-018F-4726-BBA3-4ADD1E73F021",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds209:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3B3E5F-7F93-424C-842D-6D9A793972F9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds210\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4719A127-3E49-4B74-AECB-023D17DB0528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds210j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10F66242-CE8F-4569-97CF-63312CC2D358",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds409slim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "294CBF5E-AB11-42A1-9466-B62224CE976F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds410:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF651B4-C186-40B5-8F76-9CD1983E919E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds410j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29EFF4D3-362B-40A2-8DEC-3BD20D2859F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds411\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC21A0D4-CB0F-4336-AF71-1DFE1DFDDE28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds710\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4D1826-8C3B-4789-A6AD-B5FCF9980936",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453."
},
{
"lang": "es",
"value": "El m\u00f3dulo de autenticaci\u00f3n de FTP en Synology Disk Station v2.x registra las contrase\u00f1as de la interfaz de aplicaci\u00f3n web en los casos de intentos de conexi\u00f3n incorrecta, lo cual permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un registro, una vulnerabilidad diferente de CVE-2010-2453."
}
],
"id": "CVE-2010-3684",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-09-29T17:00:05.743",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}