Synology DiskStation Manager 4.3-x < 4.3-3810 Update 1 Multiple Vulnerabilities
Critical Nessus Plugin ID 72345
Synopsis
The remote Synology DiskStation Manager is affected by multiple vulnerabilities.
Description
According to its version number, the Synology DiskStation Manager installed on the remote host is a 4.3-x version equal to or prior to 4.3-3810. It is, therefore, affected by the following vulnerabilities:
- A remote code execution vulnerability exists in the File Station component because the 'imageSelector.cgi' script improperly validates values submitted in the X-TMP-FILE header field along with the 'X-TYPE-NAME: SLICEUPLOAD' header field. (CVE-2013-6955)
- An issue exists in the Auto Block feature that could allow IP addresses to be improperly added to the Block List.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to 4.3-3810 Update 1 or later, or contact the vendor.