Unrated severityNVD Advisory· Published May 30, 2015· Updated May 6, 2026
CVE-2015-2851
CVE-2015-2851
Description
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
Affected products
13cpe:2.3:a:synology:cloud_station:3.0-3111:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:synology:cloud_station:3.0-3111:*:*:*:*:*:*:*
- cpe:2.3:a:synology:cloud_station:1.1-2291:*:*:*:*:*:*:*
- cpe:2.3:a:synology:cloud_station:2.0-2291:*:*:*:*:*:*:*
- cpe:2.3:a:synology:cloud_station:2.0-2402:*:*:*:*:*:*:*
- cpe:2.3:a:synology:cloud_station:2.1-2561:*:*:*:*:*:*:*
- cpe:2.3:a:synology:cloud_station:2.1-2570:*:*:*:*:*:*:*
- cpe:2.3:a:synology:cloud_station:2.1-2577:*:*:*:*:*:*:*
- cpe:2.3:a:synology:cloud_station:3.0-3005:*:*:*:*:*:*:*
- cpe:2.3:a:synology:cloud_station:3.0-3103:*:*:*:*:*:*:*
- cpe:2.3:a:synology:cloud_station:3.0-3108:*:*:*:*:*:*:*
- cpe:2.3:a:synology:cloud_station:3.0-3109:*:*:*:*:*:*:*
- cpe:2.3:a:synology:cloud_station:3.1-3317:*:*:*:*:*:*:*
- cpe:2.3:a:synology:cloud_station:3.1-3320:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.kb.cert.org/vuls/id/551972nvdThird Party AdvisoryUS Government Resource
- www.kb.cert.org/vuls/id/BLUU-9VBU45nvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/bid/74826nvd
News mentions
0No linked articles in our index yet.