CVE-2017-9552
Description
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by “synophoto_dsm_user --auth USERNAME PASSWORD”, and local users are able to obtain credentials by sniffing “/proc/*/cmdline”.
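The exposure described above, shown with a stand-in helper process as an added example (not code from Synology or from this page): it compares what a child's `/proc/<pid>/cmdline` contains when the password is passed as an argument and when it is written to the child's stdin. The helper one-liner, the `--auth-stdin` flag and the sample credentials are assumptions made for illustration, and the check needs a Linux `/proc`.

```python
import subprocess
import sys
from pathlib import Path

USERNAME = "alice"                      # constructed sample value
PASSWORD = "constructed-example-pass"   # constructed sample value

# Hypothetical stand-in for an authentication helper: it only reads stdin
# until EOF, which keeps it alive long enough to be inspected.
HELPER = [sys.executable, "-c", "import sys; sys.stdin.read()"]


def visible_cmdline(pid):
    """Return the argv exposed for `pid` (readable by local users by default)."""
    raw = Path(f"/proc/{pid}/cmdline").read_bytes()
    return [arg.decode(errors="replace") for arg in raw.split(b"\0") if arg]


def spawn_and_inspect(extra_args, stdin_data):
    """Start the helper, capture its exposed argv, then let it exit."""
    proc = subprocess.Popen(HELPER + extra_args, stdin=subprocess.PIPE)
    try:
        return visible_cmdline(proc.pid)
    finally:
        proc.communicate(stdin_data)


def password_in_argv():
    # Pattern from the advisory: credentials as command-line arguments.
    return spawn_and_inspect(["--auth", USERNAME, PASSWORD], b"")


def password_on_stdin():
    # Hardened pattern: only the username is in argv; the password travels
    # over a pipe. "--auth-stdin" is a hypothetical flag, not a real option.
    return spawn_and_inspect(["--auth-stdin", USERNAME], PASSWORD.encode())


if __name__ == "__main__":
    for name, fn in (("argv", password_in_argv), ("stdin", password_on_stdin)):
        argv = fn()
        print(f"{name:5} exposed={PASSWORD in argv} cmdline={argv[3:]}")
```

The same comparison works as a regression check for any service that shells out to an authentication helper: assert that no secret appears in the spawned process's argv.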
Products
- photo station 6.0-2528,
- photo station 6.0-2636,
- photo station 6.0-2638,
- photo station 6.0-2639,
- photo station 6.0-2640,
- photo station 6.3-2944,
- photo station 6.3-2958,
- photo station 6.3-2960,
- photo station 6.3-2962,
- photo station 6.3-2963,
- photo station 6.3-2964,
- photo station 6.3-2965,
- photo station 6.4-3166,
- photo station 6.5.0-3218,
- photo station 6.5.1-3223,
- photo station 6.5.2-3225,
- photo station 6.5.3-3226,
- photo station 6.6.0-3339,
- photo station 6.6.1-3345,
- photo station 6.6.1-3346,
- photo station 6.6.2-3346,
- photo station 6.6.3-3347,
- photo station 6.7.0-3414,
- photo station 6.7.1-3419