This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Synology DiskStation Manager is affected by a directory
The Synology DiskStation Manager installed on the remote host is
affected by a directory traversal vulnerability. By sending a large,
padded file path to the 'lang' parameter of the 'uistrings.cgi'
script, an overflow will occur within the snprintf function used to
prevent such attacks. A remote, unauthenticated attacker could
leverage this vulnerability to view lines with an equal sign, notably
key/value pairs, in files.
Note that the affected uistrings.cgi script is located in both the
'/scripts/' and '/webfm/webUI/' web directories.
See also :
Upgrade to 4.3-3776 Update 2.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.8
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 72347 ()
Bugtraq ID: 62310
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.