ID

VAR-201802-0398


CVE

CVE-2017-16770


TITLE

Synology Surveillance Station vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-012768

DESCRIPTION

File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other users' sensitive files via the filename parameter. Synology Surveillance Station contains an information disclosure vulnerability. Information may be obtained. User Profile is one of the user information storage files.

Trust: 1.71

sources: NVD: CVE-2017-16770 // JVNDB: JVNDB-2017-012768 // VULHUB: VHN-107726

AFFECTED PRODUCTS

vendor: synology, model: surveillance station, scope: lt, version: 8.1.2-5469

Trust: 1.8

sources: JVNDB: JVNDB-2017-012768 // NVD: CVE-2017-16770

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-16770
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-16770
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-365
value: MEDIUM

Trust: 0.6

VULHUB: VHN-107726
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-16770
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-107726
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-16770
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-107726 // JVNDB: JVNDB-2017-012768 // CNNVD: CNNVD-201711-365 // NVD: CVE-2017-16770

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

problemtype: CWE-538

Trust: 1.0

sources: VULHUB: VHN-107726 // JVNDB: JVNDB-2017-012768 // NVD: CVE-2017-16770

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-365

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-365

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012768

PATCH

title: Synology-SA-17:77
url: https://www.synology.com/en-global/support/security/Synology_SA_17_77

Trust: 0.8

title: Synology Surveillance Station Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100176

Trust: 0.6

sources: JVNDB: JVNDB-2017-012768 // CNNVD: CNNVD-201711-365

EXTERNAL IDS

db: NVD, id: CVE-2017-16770

Trust: 2.5

db: JVNDB, id: JVNDB-2017-012768

Trust: 0.8

db: CNNVD, id: CNNVD-201711-365

Trust: 0.7

db: VULHUB, id: VHN-107726

Trust: 0.1

sources: VULHUB: VHN-107726 // JVNDB: JVNDB-2017-012768 // CNNVD: CNNVD-201711-365 // NVD: CVE-2017-16770

REFERENCES

url: https://www.synology.com/en-global/support/security/synology_sa_17_77

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16770

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-16770

Trust: 0.8

sources: VULHUB: VHN-107726 // JVNDB: JVNDB-2017-012768 // CNNVD: CNNVD-201711-365 // NVD: CVE-2017-16770

SOURCES

db: VULHUB, id: VHN-107726
db: JVNDB, id: JVNDB-2017-012768
db: CNNVD, id: CNNVD-201711-365
db: NVD, id: CVE-2017-16770

LAST UPDATE DATE

2024-11-23T22:26:28.829000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-107726, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2017-012768, date: 2018-04-16T00:00:00
db: CNNVD, id: CNNVD-201711-365, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-16770, date: 2024-11-21T03:16:56.350

SOURCES RELEASE DATE

db: VULHUB, id: VHN-107726, date: 2018-02-27T00:00:00
db: JVNDB, id: JVNDB-2017-012768, date: 2018-04-16T00:00:00
db: CNNVD, id: CNNVD-201711-365, date: 2017-11-13T00:00:00
db: NVD, id: CVE-2017-16770, date: 2018-02-27T15:29:00.380