Vulnerability Description
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synology | Photo Station | <= 6.5.2-3225 |
Related Weaknesses (CWE)
References
- http://seclists.org/oss-sec/2016/q1/236 (Exploit, Third Party Advisory, VDB Entry)
- https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-01-PhotoSta (Exploit, Third Party Advisory)
- https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-02-PhotoSta (Exploit, Third Party Advisory)
- https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226 (Release Notes)
FAQ
What is CVE-2016-10329?
CVE-2016-10329 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.
How severe is CVE-2016-10329?
CVE-2016-10329 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-10329?
Check the references section above for vendor advisories and patch information. Affected products include: Synology Photo Station.