CVE-2017-15895

Summary

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

Affected Software

VendorProductVersion RangeStatus
SynologySynology Router Manager (SRM)before 1.1.5-6542-4affected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory (CWE-22)

ADP Enrichment

CVE Program Container

Additional References

References