CyberSec.Space Logo
Back to CVE Browser

CVE-2013-6987

HIGH
7.5
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile40.38th
PublishedDec 31, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.

Affected Platforms (CPE)

πŸ’»
Synology

Diskstation Manager

= 4.3-3810

References & Advisories

πŸ”— http://packetstormsecurity.com/files/124563
πŸ”— http://seclists.org/fulldisclosure/2013/Dec/177
πŸ”— http://www.exploit-db.com/exploits/30475
πŸ”— http://www.securityfocus.com/bid/64483
πŸ”— http://www.synology.com/en-us/releaseNote/model/DS114
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/89892
πŸ”— http://packetstormsecurity.com/files/124563
πŸ”— http://seclists.org/fulldisclosure/2013/Dec/177

Related Vulnerabilities

CVE-2013-695510.0

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 U...

CVE-2021-276479.8

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows rem...

CVE-2021-265699.8

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-...

CVE-2021-276469.8

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote ...

CVE-2013-6987 Detail & Impact Analysis | CVSS 7.5 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space