VYPR
Get started
← All advisories
High severity7.8NVD Advisory· Published Aug 14, 2017· Updated May 13, 2026

CVE-2017-11156

CVE-2017-11156

Description

Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.

Affected products

34
  • Synology/Synology Download Stationv5
    Range: 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984
  • Synology/Download Station33 versions
    cpe:2.3:a:synology:download_station:3.5-2706:*:*:*:*:*:*:*+ 32 more
    • cpe:2.3:a:synology:download_station:3.5-2706:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.5-2955:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.5-2956:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.5-2962:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.5-2963:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.5-2967:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.2-2295:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.3-2382:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.3-2383:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.3-2386:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.4-2477:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.4-2478:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.4-2480:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.4-2485:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.4-2486:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.4-2489:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.4-2490:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.4-2514:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.4-2555:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.4-2557:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.4-2558:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.5-2638:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.5-2705:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.5-2968:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.5-2970:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.5-2973:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.5-2980:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.5-2982:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.8.0-3416:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.8.1-3420:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.8.2-3455:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.8.3-3458:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:download_station:3.8.4-3468:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.