Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
References
Configurations
History
14 Jan 2025, 19:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:* |
21 Nov 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/157807/Synology-DiskStation-Manager-smart.cgi-Remote-Command-Execution.html - | |
References | () https://www.synology.com/en-global/support/security/Synology_SA_17_65_DSM - Vendor Advisory |
Information
Published : 2017-12-04 19:29
Updated : 2025-04-20 01:37
NVD link : CVE-2017-15889
Mitre link : CVE-2017-15889
CVE.ORG link : CVE-2017-15889
JSON object : View
Products Affected
synology
- diskstation_manager
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')