What the vulnerability does

01Description

File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter.

Key dates

02Disclosure timeline

February 27, 2018 CVE published
September 16, 2024 Record updated