Unrated severityNVD Advisory· Published Sep 29, 2010· Updated Apr 29, 2026

CVE-2010-3684

Description

The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.

Affected products

Synology/Dsm9 versions
cpe:2.3:o:synology:dsm:2.2-0942:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:o:synology:dsm:2.2-0942:*:*:*:*:*:*:*
- cpe:2.3:o:synology:dsm:2.2-1041:*:*:*:*:*:*:*
- cpe:2.3:o:synology:dsm:2.2-1042:*:*:*:*:*:*:*
- cpe:2.3:o:synology:dsm:2.2-1045:*:*:*:*:*:*:*
- cpe:2.3:o:synology:dsm:2.3-1139:*:*:*:*:*:*:*
- cpe:2.3:o:synology:dsm:2.3-1141:*:*:*:*:*:*:*
- cpe:2.3:o:synology:dsm:2.3-1144:*:*:*:*:*:*:*
- cpe:2.3:o:synology:dsm:2.3-1157:*:*:*:*:*:*:*
- cpe:2.3:o:synology:dsm:2.3-1161:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/archive/1/513970/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000