GCVE - cpe:2.3:a:synology:download_station:3.5-2967:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:synology:download_station:3.5-2967:*:*:*:*:*:*:*

part: a version: 3.5-2967 update: *

Vendor	Synology (`65464e9b-7339-559d-9719-837f074e0220`)
Product	Download Station (`0de15abb-a25c-5535-9959-9b40c537066f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-11156`	vulnerable	2026-06-03 14:36:27.786307	Details available Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. Published: 2017-08-14T19:00:00.000Z Updated: 2024-09-16T19:36:36.517Z Open on db.gcve.eu Reference links https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-11149`	vulnerable	2026-06-03 14:36:27.774816	Details available Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. Published: 2017-08-14T19:00:00.000Z Updated: 2024-09-16T20:41:46.192Z Open on db.gcve.eu Reference links https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.