Users of Synology Disk Station please be advised of a Web commands injection through FTP Login vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
CVE-2010-2453: Web commands injection through FTP Login in Synology Disk Station
The disk station product provided by Synology as Network Attached Storage is vulnerable to multiple vulnerabilities including the possibility of
remote command execution via CSRF (Cross Site Request Forging) through FTP login console. The FTP server is provided as a configurable service
through web interface which provides backend access to manage the disks station. The problem occurs in the FTP logging mechanism together with the
admin interface used to view those logs. The FTP console input in the form username and password gets logged in the web application interface.
This problem was confirmed in the following versions of Synology Disk Station, other versions may be also affected.
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/9RDLKH
No comments:
Post a Comment