Vulnerability Description
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use the non-random default credentials guest:(blank) and admin:(blank). A remote network attacker can gain privileged access to a vulnerable device.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synology | DS107 Firmware | <= 3.1-1639 |
| Synology | DS107 | - |
| Synology | DS213 Firmware | <= 5.2-5644-1 |
| Synology | DS213 | - |
| Synology | DS116 Firmware | <= 5.2-5644-1 |
| Synology | DS116 | - |
Related Weaknesses (CWE)
References
- https://www.kb.cert.org/vuls/id/404187 (Third Party Advisory, US Government Resource)
- https://www.securityfocus.com/bid/93805 (Third Party Advisory, VDB Entry)
- https://www.synology.com/en-global/releaseNote/DS213 (Release Notes, Vendor Advisory)
FAQ
What is CVE-2016-6554?
CVE-2016-6554 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use the non-random default credentials guest:(blank) and admin:(blank). A rem...
How severe is CVE-2016-6554?
CVE-2016-6554 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-6554?
Check the references section above for vendor advisories and patch information. Affected products include: Synology DS107 Firmware, Synology DS107, Synology DS213 Firmware, Synology DS213, Synology DS116 Firmware.