Details of VAR-201009-0246

ID

VAR-201009-0246

CVE

CVE-2010-3684

TITLE

Synology Disk Station of FTP Vulnerability in the acquisition of important information in the authentication module

Trust: 0.8

sources: JVNDB: JVNDB-2010-003198

DESCRIPTION

The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. Synology DiskStation (DSM) is a network storage server (NAS) from Synology, which can be used as a file sharing center in a local area network

Trust: 1.8

sources: NVD: CVE-2010-3684 // JVNDB: JVNDB-2010-003198 // VULHUB: VHN-46289 // VULMON: CVE-2010-3684

AFFECTED PRODUCTS

vendor:	synology	model:	dsm	scope:	eq	version:	2.3-1161	Trust: 1.6
vendor:	synology	model:	dsm	scope:	eq	version:	2.2-1041	Trust: 1.6
vendor:	synology	model:	dsm	scope:	eq	version:	2.2-1042	Trust: 1.6
vendor:	synology	model:	dsm	scope:	eq	version:	2.2-0942	Trust: 1.6
vendor:	synology	model:	dsm	scope:	eq	version:	2.3-1157	Trust: 1.6
vendor:	synology	model:	dsm	scope:	eq	version:	2.3-1144	Trust: 1.6
vendor:	synology	model:	dsm	scope:	eq	version:	2.3-1139	Trust: 1.6
vendor:	synology	model:	dsm	scope:	eq	version:	2.3-1141	Trust: 1.6
vendor:	synology	model:	dsm	scope:	eq	version:	2.2-1045	Trust: 1.6
vendor:	synology	model:	diskstation manager	scope:	eq	version:	2.x	Trust: 0.8

sources: JVNDB: JVNDB-2010-003198 // CNNVD: CNNVD-201009-288 // NVD: CVE-2010-3684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-3684
value:	LOW
Trust: 1.0
NVD:	CVE-2010-3684
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201009-288
value:	LOW
Trust: 0.6
VULHUB:	VHN-46289
value:	LOW
Trust: 0.1
VULMON:	CVE-2010-3684
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2010-3684
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-46289
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-46289 // VULMON: CVE-2010-3684 // JVNDB: JVNDB-2010-003198 // CNNVD: CNNVD-201009-288 // NVD: CVE-2010-3684

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-46289 // JVNDB: JVNDB-2010-003198 // NVD: CVE-2010-3684

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201009-288

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201009-288

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-003198

PATCH

title:	Top Page	url:	http://www.synology.com/index.php?lang=default	Trust: 0.8
title:	synology_x86_1010+_1337	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=34456	Trust: 0.6

sources: JVNDB: JVNDB-2010-003198 // CNNVD: CNNVD-201009-288

EXTERNAL IDS

db:	NVD	id:	CVE-2010-3684	Trust: 2.6
db:	JVNDB	id:	JVNDB-2010-003198	Trust: 0.8
db:	CNNVD	id:	CNNVD-201009-288	Trust: 0.7
db:	BUGTRAQ	id:	20100926 WEB COMMANDS INJECTION THROUGH FTP LOGIN IN SYNOLOGY DISK STATION - CVE-2010-2453	Trust: 0.6
db:	VULHUB	id:	VHN-46289	Trust: 0.1
db:	VULMON	id:	CVE-2010-3684	Trust: 0.1

sources: VULHUB: VHN-46289 // VULMON: CVE-2010-3684 // JVNDB: JVNDB-2010-003198 // CNNVD: CNNVD-201009-288 // NVD: CVE-2010-3684

REFERENCES

url:	http://www.securityfocus.com/archive/1/513970/100/0/threaded	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3684	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3684	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/513970/100/0/threaded	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/255.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-46289 // VULMON: CVE-2010-3684 // JVNDB: JVNDB-2010-003198 // CNNVD: CNNVD-201009-288 // NVD: CVE-2010-3684

SOURCES

db:	VULHUB	id:	VHN-46289
db:	VULMON	id:	CVE-2010-3684
db:	JVNDB	id:	JVNDB-2010-003198
db:	CNNVD	id:	CNNVD-201009-288
db:	NVD	id:	CVE-2010-3684

LAST UPDATE DATE

2024-11-23T21:56:17.692000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-46289	date:	2018-10-10T00:00:00
db:	VULMON	id:	CVE-2010-3684	date:	2018-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2010-003198	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201009-288	date:	2010-10-08T00:00:00
db:	NVD	id:	CVE-2010-3684	date:	2024-11-21T01:19:23.357

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-46289	date:	2010-09-29T00:00:00
db:	VULMON	id:	CVE-2010-3684	date:	2010-09-29T00:00:00
db:	JVNDB	id:	JVNDB-2010-003198	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201009-288	date:	2010-09-29T00:00:00
db:	NVD	id:	CVE-2010-3684	date:	2010-09-29T17:00:05.743