VYPR
Get started
← All advisories
High severity7.8NVD Advisory· Published Jun 13, 2017· Updated May 13, 2026

CVE-2017-9552

CVE-2017-9552

Description

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".

Affected products

25
  • Synology/Photo Station24 versions
    cpe:2.3:a:synology:photo_station:6.3-2958:*:*:*:*:*:*:*+ 23 more
    • cpe:2.3:a:synology:photo_station:6.3-2958:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.3-2960:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.3-2962:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.6.2-3346:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.6.3-3347:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.0-2528:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.0-2636:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.0-2638:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.0-2639:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.0-2640:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.3-2944:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.3-2963:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.3-2964:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.3-2965:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.4-3166:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.5.0-3218:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.5.1-3223:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.5.2-3225:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.5.3-3226:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.6.0-3339:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.6.1-3345:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.6.1-3346:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.7.0-3414:*:*:*:*:*:*:*
    • cpe:2.3:a:synology:photo_station:6.7.1-3419:*:*:*:*:*:*:*
  • Synology/Synology Photo Stationv5
    Range: 6.0-2528 through 6.7.1-3419

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.