Vigil@nce - Synology DS: privilege escalation via guest/admin
December 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can authenticate with the guest or admin account of
Synology DS, in order to escalate his privileges.
– Impacted products: Synology DS***.
– Severity: 2/4.
– Creation date: 21/10/2016.
DESCRIPTION OF THE VULNERABILITY
The Synology DS product has guest and admin accounts.
However, by default, their passwords are empty.
An attacker can therefore authenticate with the guest or admin
account of Synology DS, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Synology-DS-privilege-escalation-via-guest-admin-20930