CVE-2013-6987

CVSS 2.0 Score 7.5 of 10 (high)

Details

Published Dec 31, 2013

Updated: Jan 14, 2025

CWE ID 22

Summary

CVE-2013-6987 is a directory traversal vulnerability affecting Synology DiskStation Manager (DSM) before the 4.3-3810 Update 3. This issue allows remote attackers to manipulate several components, including file_delete.cgi, file_share.cgi, fbdownload/, html5_upload.cgi, file_download.cgi, file_sharing.cgi, file_MVCP.cgi, and file_rename.cgi in the webapi/FileStation/ directory. By inserting ".." (dot dot) in specified parameters like path or dlink, attackers can read, write, and delete arbitrary files on the targeted system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

DiskStation Manager

Affected Vendors

Synology

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/Ke0vKx
https://www.cve.org/CVERecord?id=CVE-2013-6987
https://nvd.nist.gov/vuln/detail/CVE-2013-6987

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners