Synology Diskstation Manager 4.3-3810

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*

part: a version: 4.3-3810 update: *

VendorSynology (65464e9b-7339-559d-9719-837f074e0220)
ProductDiskstation Manager (db429775-8112-5c04-a3e0-3177c21cf9b4)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2013-6987 vulnerable 2026-06-03 14:33:33.283321 Details available
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.
Published: 2013-12-31T15:00:00.000Z
Updated: 2024-08-06T17:53:45.838Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-6955 vulnerable 2026-06-03 14:33:33.127557 Details available
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.
Published: 2014-01-09T11:00:00.000Z
Updated: 2024-08-06T17:53:45.550Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.