Privilege escalation in Synology NAS Servers - CVE-2016-6554
Published: October 21, 2016 / Updated: October 24, 2016
Vulnerability identifier: #VU1062
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6554
CWE-ID: CWE-255
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Synology Inc.
Affected software:
Synology NAS Servers
Detailed vulnerability description
The vulnerability allows a remote, unauthenticated attacker to bypass access restrictions and gain elevated privileges on the target system.
The weakness exists because the device accepts default credentials (CWE-255, credentials management error). An attacker who can reach the server over the network can log in with those default credentials, bypass the intended access restrictions and escalate privileges.
Successful exploitation results in privilege escalation and full control of the vulnerable system.
How to mitigate CVE-2016-6554
Update to version 5.2-5644-1 or later.
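Added example (not code from the advisory publisher or from Synology): a small triage script that checks an inventory of Synology NAS hosts against the fixed version named above. It assumes the version string format "major.minor-build[-update]" (so 5.2-5644 is the base release and 5.2-5644-1 is its first update) and that any version that compares numerically at or above 5.2-5644-1 is patched; the advisory only states the 5.2 fix, so treat results for other release branches as an assumption to verify against the vendor's notes. The host inventory is constructed sample data.

```python
"""Triage Synology NAS hosts against the fixed version from the advisory.

Illustrative code added to this page; not Synology's or the advisory
publisher's own tooling. The inventory below is constructed sample data.
"""
import re

# Fixed version from the advisory's mitigation line.
FIXED_VERSION = "5.2-5644-1"

# Assumed format: major.minor-build with an optional "-update" suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)(?:-(\d+))?$")


def parse_version(s):
    """Parse 'major.minor-build[-update]' into a comparable tuple.

    A missing update number is treated as update 0 (the base release),
    so '5.2-5644' sorts below '5.2-5644-1'. Raises ValueError on strings
    that do not match the expected format, so they can be reported rather
    than silently classified.
    """
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    major, minor, build, update = m.groups()
    return (int(major), int(minor), int(build), int(update or 0))


def is_patched(version):
    """True if the reported version is at or above FIXED_VERSION.

    Assumption: a numerically higher version carries the fix; the advisory
    names only the 5.2 branch, so confirm other branches separately.
    """
    return parse_version(version) >= parse_version(FIXED_VERSION)


# Constructed sample inventory of (hostname, reported version); not real hosts.
SAMPLE_INVENTORY = [
    ("nas-01", "5.2-5565"),
    ("nas-02", "5.2-5644"),
    ("nas-03", "5.2-5644-1"),
    ("nas-04", "5.2-5644-2"),
    ("nas-05", "not-a-version"),
]


def triage(inventory):
    """Sort hosts into 'patched', 'vulnerable' and 'unknown' buckets."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, ver in inventory:
        try:
            bucket = "patched" if is_patched(ver) else "vulnerable"
        except ValueError:
            # Unparseable version strings need a manual look, not a guess.
            bucket = "unknown"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:10s} {', '.join(hosts) or '-'}")
```

Updating closes the reported weakness, but since the issue is default credentials, also confirm after the update that no account on the device still uses a default password and that the management interface is not reachable from untrusted networks.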