CVE-2017-9552

CVE-2017-9552

Vendor Synology
Product Synology Photo Station
Weakness CWE-522 · Insufficiently protected credentials
Published June 13, 2017
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".

Key dates

02Disclosure timeline

June 13, 2017 CVE published
August 5, 2024 Record updated