CVE-2017-15895
medium
CVSS v3
6.5
CVSS v2
4.0
VIR risk
6.5
Description
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@synology.com — https://www.synology.com/en-global/support/security/Synology_SA_17_71_SRM
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| synology | router_manager | {"endExcluding":"1.1.5-6542-4"} | 1.1.5-6542-4 |
References
CWEs
CWE-22
Verify integrity in audit chain (admin only). AS-IS.