Vulnerability Description
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synology | Dsm | 2.2-0942 |
| Synology | Disk Station Ds1010+ | All versions |
| Synology | Disk Station Ds109 | All versions |
| Synology | Disk Station Ds110+ | All versions |
| Synology | Disk Station Ds110J | All versions |
| Synology | Disk Station Ds209 | All versions |
| Synology | Disk Station Ds210+ | All versions |
| Synology | Disk Station Ds210J | All versions |
| Synology | Disk Station Ds409Slim | All versions |
| Synology | Disk Station Ds410 | All versions |
| Synology | Disk Station Ds410J | All versions |
| Synology | Disk Station Ds411+ | All versions |
| Synology | Disk Station Ds710+ | All versions |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/513970/100/0/threaded
FAQ
What is CVE-2010-3684?
CVE-2010-3684 is a vulnerability with a CVSS score of 2.1 (LOW). The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive informatio...
How severe is CVE-2010-3684?
CVE-2010-3684 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-3684?
Check the references section above for vendor advisories and patch information. Affected products include: Synology Dsm, Synology Disk Station Ds1010+, Synology Disk Station Ds109, Synology Disk Station Ds110+, Synology Disk Station Ds110J.