1 vulnerability found for ds213 by synology
VAR-201807-0052
Vulnerability from variot - Updated: 2024-11-23 21:53
Multiple Synology NAS servers ship with authentication credentials that are common to all devices. Credentials management (CWE-255) - CVE-2016-6554: on the Synology DS107, DS116 and DS213 NAS servers, the credentials "guest:(no password)" and "admin:(no password)" are set by default. A remote third party could access the device with administrator privileges. Multiple Synology DiskStation products are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. The following products are affected: Synology DiskStation DS107 running firmware versions 3.1-1639 and prior. Synology DiskStation DS116 running firmware versions prior to 5.2-5644-1. Synology DiskStation DS213 running firmware versions prior to 5.2-5644-1. Synology DiskStation DS107 and others are network-attached storage (NAS) servers made by Synology. A trust management vulnerability exists in several Synology products due to the use of non-random default credentials (guest: (blank) and admin: (blank)). Note that the affected_products entries in the record below do not agree on whether firmware 5.2-5644-1 itself is affected for the DS116 and DS213: some sources list it with scope "lte" or "eq", others with "lt" or "ne", so confirm against the vendor release notes before treating that version as fixed.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0052",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ds107",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "3.1-1639"
},
{
"model": "ds213",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "5.2-5644-1"
},
{
"model": "ds116",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "5.2-5644-1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "disk station ds107",
"scope": "lte",
"trust": 0.8,
"vendor": "synology",
"version": "3.1-1639"
},
{
"model": "diskstation ds116",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "5.2-5644-1"
},
{
"model": "diskstation ds213",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "5.2-5644-1"
},
{
"model": "ds213",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "5.2-5644-1"
},
{
"model": "ds107",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "3.1-1639"
},
{
"model": "ds116",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "5.2-5644-1"
},
{
"model": "diskstation ds213",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "diskstation ds116",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "diskstation ds107",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "3.1-1639"
},
{
"model": "diskstation ds213",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "5.2-5644-1"
},
{
"model": "diskstation ds116",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "5.2-5644-1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#404187"
},
{
"db": "BID",
"id": "93805"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005560"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-697"
},
{
"db": "NVD",
"id": "CVE-2016-6554"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:synology:ds107_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:synology:ds116_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:synology:ds213_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005560"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ory Segal and Ezra Caltum",
"sources": [
{
"db": "BID",
"id": "93805"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-697"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6554",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6554",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 6.9,
"collateralDamagePotential": "NONE",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 4.7,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 3.4,
"id": "CVE-2016-6554",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "NOT DEFINED",
"severity": "MEDIUM",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2016-005560",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-95374",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6554",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-005560",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6554",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-6554",
"trust": 0.8,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-005560",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-697",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-95374",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-6554",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#404187"
},
{
"db": "VULHUB",
"id": "VHN-95374"
},
{
"db": "VULMON",
"id": "CVE-2016-6554"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005560"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-697"
},
{
"db": "NVD",
"id": "CVE-2016-6554"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Synology NAS servers ship with authentication credentials that are common to all devices. Credentials management (CWE-255) - CVE-2016-6554: on the Synology DS107, DS116 and DS213 NAS servers, the credentials \"guest:(no password)\" and \"admin:(no password)\" are set by default. A remote third party could access the device with administrator privileges. Multiple Synology DiskStation products are prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. \nThe following products are affected:\nSynology DiskStation DS107 running firmware versions 3.1-1639 and prior. \nSynology DiskStation DS116 running firmware versions prior to 5.2-5644-1. \nSynology DiskStation DS213 running firmware versions prior to 5.2-5644-1. Synology DiskStation DS107 and others are network-attached storage (NAS) servers made by Synology. A trust management vulnerability exists in several Synology products due to the use of non-random default credentials (guest: (blank) and admin: (blank)).",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005560"
},
{
"db": "BID",
"id": "93805"
},
{
"db": "VULHUB",
"id": "VHN-95374"
}
],
"trust": 1.08
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/404187",
"trust": 0.8,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#404187"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#404187",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2016-6554",
"trust": 2.9
},
{
"db": "BID",
"id": "93805",
"trust": 2.1
},
{
"db": "JVN",
"id": "JVNVU93774715",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005560",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-697",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-95374",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6554",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#404187"
},
{
"db": "VULHUB",
"id": "VHN-95374"
},
{
"db": "VULMON",
"id": "CVE-2016-6554"
},
{
"db": "BID",
"id": "93805"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005560"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-697"
},
{
"db": "NVD",
"id": "CVE-2016-6554"
}
]
},
"id": "VAR-201807-0052",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95374"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:53:00.267000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DS107 Release Notes",
"trust": 0.8,
"url": "https://www.synology.com/en-global/releaseNote/DS107"
},
{
"title": "DS116 Release Notes",
"trust": 0.8,
"url": "https://www.synology.com/en-global/releaseNote/DS116"
},
{
"title": "DS213 Release Notes",
"trust": 0.8,
"url": "https://www.synology.com/en-global/releaseNote/DS213"
},
{
"title": "Multiple Synology Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65060"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005560"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-697"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95374"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005560"
},
{
"db": "NVD",
"id": "CVE-2016-6554"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.kb.cert.org/vuls/id/404187"
},
{
"trust": 2.6,
"url": "https://www.synology.com/en-global/releasenote/ds213"
},
{
"trust": 1.8,
"url": "https://www.securityfocus.com/bid/93805"
},
{
"trust": 1.6,
"url": "https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf"
},
{
"trust": 0.9,
"url": "http://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6554"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93774715/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6554"
},
{
"trust": 0.3,
"url": "https://www.synology.com/en-global/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49377"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#404187"
},
{
"db": "VULHUB",
"id": "VHN-95374"
},
{
"db": "VULMON",
"id": "CVE-2016-6554"
},
{
"db": "BID",
"id": "93805"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005560"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-697"
},
{
"db": "NVD",
"id": "CVE-2016-6554"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#404187"
},
{
"db": "VULHUB",
"id": "VHN-95374"
},
{
"db": "VULMON",
"id": "CVE-2016-6554"
},
{
"db": "BID",
"id": "93805"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005560"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-697"
},
{
"db": "NVD",
"id": "CVE-2016-6554"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-20T00:00:00",
"db": "CERT/CC",
"id": "VU#404187"
},
{
"date": "2018-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-95374"
},
{
"date": "2018-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6554"
},
{
"date": "2016-10-20T00:00:00",
"db": "BID",
"id": "93805"
},
{
"date": "2016-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005560"
},
{
"date": "2016-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-697"
},
{
"date": "2018-07-13T20:29:00.753000",
"db": "NVD",
"id": "CVE-2016-6554"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-20T00:00:00",
"db": "CERT/CC",
"id": "VU#404187"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-95374"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6554"
},
{
"date": "2016-10-26T01:16:00",
"db": "BID",
"id": "93805"
},
{
"date": "2016-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005560"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-697"
},
{
"date": "2024-11-21T02:56:20.663000",
"db": "NVD",
"id": "CVE-2016-6554"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-697"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology NAS servers contain insecure default credentials",
"sources": [
{
"db": "CERT/CC",
"id": "VU#404187"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-697"
}
],
"trust": 0.6
}
}