Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for the ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Download_station | Synology | 3.2-2295 (including) | 3.2-2295 (including) |
Download_station | Synology | 3.3-2382 (including) | 3.3-2382 (including) |
Download_station | Synology | 3.3-2383 (including) | 3.3-2383 (including) |
Download_station | Synology | 3.3-2386 (including) | 3.3-2386 (including) |
Download_station | Synology | 3.4-2477 (including) | 3.4-2477 (including) |
Download_station | Synology | 3.4-2478 (including) | 3.4-2478 (including) |
Download_station | Synology | 3.4-2480 (including) | 3.4-2480 (including) |
Download_station | Synology | 3.4-2485 (including) | 3.4-2485 (including) |
Download_station | Synology | 3.4-2486 (including) | 3.4-2486 (including) |
Download_station | Synology | 3.4-2489 (including) | 3.4-2489 (including) |
Download_station | Synology | 3.4-2490 (including) | 3.4-2490 (including) |
Download_station | Synology | 3.4-2514 (including) | 3.4-2514 (including) |
Download_station | Synology | 3.4-2555 (including) | 3.4-2555 (including) |
Download_station | Synology | 3.4-2557 (including) | 3.4-2557 (including) |
Download_station | Synology | 3.4-2558 (including) | 3.4-2558 (including) |
Download_station | Synology | 3.5-2638 (including) | 3.5-2638 (including) |
Download_station | Synology | 3.5-2705 (including) | 3.5-2705 (including) |
Download_station | Synology | 3.5-2706 (including) | 3.5-2706 (including) |
Download_station | Synology | 3.5-2955 (including) | 3.5-2955 (including) |
Download_station | Synology | 3.5-2956 (including) | 3.5-2956 (including) |
Download_station | Synology | 3.5-2962 (including) | 3.5-2962 (including) |
Download_station | Synology | 3.5-2963 (including) | 3.5-2963 (including) |
Download_station | Synology | 3.5-2967 (including) | 3.5-2967 (including) |
Download_station | Synology | 3.5-2968 (including) | 3.5-2968 (including) |
Download_station | Synology | 3.5-2970 (including) | 3.5-2970 (including) |
Download_station | Synology | 3.5-2973 (including) | 3.5-2973 (including) |
Download_station | Synology | 3.5-2980 (including) | 3.5-2980 (including) |
Download_station | Synology | 3.5-2982 (including) | 3.5-2982 (including) |
Download_station | Synology | 3.8.0-3416 (including) | 3.8.0-3416 (including) |
Download_station | Synology | 3.8.1-3420 (including) | 3.8.1-3420 (including) |
Download_station | Synology | 3.8.2-3455 (including) | 3.8.2-3455 (including) |
Download_station | Synology | 3.8.3-3458 (including) | 3.8.3-3458 (including) |
Download_station | Synology | 3.8.4-3468 (including) | 3.8.4-3468 (including) |