ID

VAR-201904-0605


CVE

CVE-2018-13290


TITLE

Synology DiskStation Manager vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-015179

DESCRIPTION

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information about files via the file_path parameter. Synology DiskStation Manager (DSM) contains an information disclosure vulnerability. Information may be obtained. Synology Router Manager (SRM) is software for configuring and managing Synology routers, developed by Synology, Taiwan. SYNO.Core.ACL in Synology SRM versions earlier than 1.1.7-6941-2 has an information disclosure vulnerability, which is caused by configuration errors in the network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.

Trust: 1.71

sources: NVD: CVE-2018-13290 // JVNDB: JVNDB-2018-015179 // VULHUB: VHN-123335

AFFECTED PRODUCTS

vendor: synology, model: router manager, scope: gte, version: 1.1

Trust: 1.0

vendor: synology, model: router manager, scope: lt, version: 1.1.7-6941-2

Trust: 1.0

vendor: synology, model: diskstation manager, scope: lt, version: 1.1.7-6941-2

Trust: 0.8

sources: JVNDB: JVNDB-2018-015179 // NVD: CVE-2018-13290

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-13290
value: MEDIUM

Trust: 1.0

security@synology.com: CVE-2018-13290
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-13290
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-012
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123335
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-13290
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123335
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-13290
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-123335 // JVNDB: JVNDB-2018-015179 // CNNVD: CNNVD-201904-012 // NVD: CVE-2018-13290 // NVD: CVE-2018-13290

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-123335 // JVNDB: JVNDB-2018-015179 // NVD: CVE-2018-13290

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-012

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-012

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015179

PATCH

title: Synology-SA-18:51 DSM, url: https://www.synology.com/ja-jp/security/advisory/Synology_SA_18_51

Trust: 0.8

title: Synology Router Manager Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90928

Trust: 0.6

sources: JVNDB: JVNDB-2018-015179 // CNNVD: CNNVD-201904-012

EXTERNAL IDS

db: NVD, id: CVE-2018-13290

Trust: 2.5

db: JVNDB, id: JVNDB-2018-015179

Trust: 0.8

db: CNNVD, id: CNNVD-201904-012

Trust: 0.7

db: VULHUB, id: VHN-123335

Trust: 0.1

sources: VULHUB: VHN-123335 // JVNDB: JVNDB-2018-015179 // CNNVD: CNNVD-201904-012 // NVD: CVE-2018-13290

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_18_48

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2018-13290

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13290

Trust: 0.8

sources: VULHUB: VHN-123335 // JVNDB: JVNDB-2018-015179 // CNNVD: CNNVD-201904-012 // NVD: CVE-2018-13290

SOURCES

db: VULHUB, id: VHN-123335
db: JVNDB, id: JVNDB-2018-015179
db: CNNVD, id: CNNVD-201904-012
db: NVD, id: CVE-2018-13290

LAST UPDATE DATE

2024-11-23T21:52:20.793000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-123335, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-015179, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201904-012, date: 2019-04-04T00:00:00
db: NVD, id: CVE-2018-13290, date: 2024-11-21T03:46:46.150

SOURCES RELEASE DATE

db: VULHUB, id: VHN-123335, date: 2019-04-01T00:00:00
db: JVNDB, id: JVNDB-2018-015179, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201904-012, date: 2019-04-01T00:00:00
db: NVD, id: CVE-2018-13290, date: 2019-04-01T15:29:00.593