Critical severity9.8NVD Advisory· Published Aug 8, 2017· Updated Jun 17, 2026
CVE-2017-11153
CVE-2017-11153
Description
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*range: <=6.7.2-3429
- cpe:2.3:a:synology:photo_station:6.3-2967:*:*:*:*:*:*:*
- (no CPE)range: <6.7.3-3432 and <6.3-2967
- (no CPE)range: before 6.7.3-3432 and 6.3-2967
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/42434/nvdThird Party AdvisoryVDB Entry
- www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStationnvdVendor Advisory
News mentions
0No linked articles in our index yet.