VYPR
Unrated severityNVD Advisory· Published Dec 31, 2013· Updated Jun 17, 2026

CVE-2013-6987

CVE-2013-6987

Description

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:o:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*
    • (no CPE)range: <4.3-3810 Update 3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.