CVE-2017-15889

CVSS 3.0 Score 8.8 of 10 (high)

Details

Published Dec 4, 2017
Updated: Jan 14, 2025
CWE ID 77

Summary

CVE-2017-15889 is a command injection vulnerability affecting Synology DiskStation Manager (DSM) prior to version 5.2-5967-5. Authenticated users can exploit this flaw by inputting malicious commands through the disk field, leading to arbitrary command execution. This vulnerability poses a significant risk, as it allows attackers to gain unauthorized control over the Synology DiskStations. Successful exploitation could result in data theft, system damage, or even the deployment of malware. Users are strongly advised to update their DSM installation to a secure version as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • DiskStation Manager

Affected Vendors

  • Synology