{"containers": {"cna": {"affected": [{"product": "Synology Download Station", "vendor": "Synology", "versions": [{"status": "affected", "version": "3.8.x before 3.8.5-3475 and 3.x before 3.5-2984"}]}], "datePublic": "2017-08-11T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "Server-Side Request Forgery (CWE-918)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-08-14T18:57:01.000Z", "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@synology.com", "DATE_PUBLIC": "2017-08-11T00:00:00", "ID": "CVE-2017-11149", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Synology Download Station", "version": {"version_data": [{"version_value": "3.8.x before 3.8.5-3475 and 3.x before 3.5-2984"}]}}]}, "vendor_name": "Synology"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Server-Side Request Forgery (CWE-918)"}]}]}, "references": {"reference_data": [{"name": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station", "refsource": "CONFIRM", "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:57:58.800Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station"}]}]}, "cveMetadata": {"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "assignerShortName": "synology", "cveId": "CVE-2017-11149", "datePublished": "2017-08-14T19:00:00.000Z", "dateReserved": "2017-07-10T00:00:00.000Z", "dateUpdated": "2024-09-16T20:41:46.192Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:download_station:3.2-2295:*:*:*:*:*:*:*", "matchCriteriaId": "388EC850-91FB-495E-8CC1-E3B6468A7D05", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.3-2382:*:*:*:*:*:*:*", "matchCriteriaId": "A0EE8CB0-5D39-4361-B17F-D073377B8E22", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.3-2383:*:*:*:*:*:*:*", "matchCriteriaId": "EEF5E40E-AFF1-4548-8F80-61D11A658C44", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.3-2386:*:*:*:*:*:*:*", "matchCriteriaId": "87DAD7D7-C695-4C6A-9674-199C61604B35", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.4-2477:*:*:*:*:*:*:*", "matchCriteriaId": "47302F69-2ED0-431E-82EE-16942C8B14B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.4-2478:*:*:*:*:*:*:*", "matchCriteriaId": "74EF711B-10DA-4356-8ED0-FFF08BDB0A7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.4-2480:*:*:*:*:*:*:*", "matchCriteriaId": "400A6164-B4D7-4988-B16A-E3CFABDB995D", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.4-2485:*:*:*:*:*:*:*", "matchCriteriaId": "9D5F75FA-B343-4513-B92C-5F3D89DEB2AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.4-2486:*:*:*:*:*:*:*", "matchCriteriaId": "8C5D8FDA-BE01-440A-93F5-0314C15B345C", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.4-2489:*:*:*:*:*:*:*", "matchCriteriaId": "043E910E-9129-43C9-B27F-0A8C6AC9D44A", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.4-2490:*:*:*:*:*:*:*", "matchCriteriaId": "BD3DD08D-4025-424B-8B6D-6F45F64BA1BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.4-2514:*:*:*:*:*:*:*", "matchCriteriaId": "1B4ED375-025B-4C51-B8B4-DDAFE550C7E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.4-2555:*:*:*:*:*:*:*", "matchCriteriaId": "F2FA562D-F3C5-43D3-8FF2-5C3BC84B23C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.4-2557:*:*:*:*:*:*:*", "matchCriteriaId": "3C3688F1-5EFC-4611-9976-85EAF9595255", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.4-2558:*:*:*:*:*:*:*", "matchCriteriaId": "99FBB132-BF8D-4B95-A32A-12B40E85C1FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2638:*:*:*:*:*:*:*", "matchCriteriaId": "1FC3C6CE-9E0F-499F-B3AC-2D9F21289670", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2705:*:*:*:*:*:*:*", "matchCriteriaId": "B93E493C-1889-40B3-B8C7-0F4D0B6B72DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2706:*:*:*:*:*:*:*", "matchCriteriaId": "4712A752-7F18-45B0-A333-287734E6B46B", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2955:*:*:*:*:*:*:*", "matchCriteriaId": "971F5675-E834-48FE-AED6-0D06E554FEED", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2956:*:*:*:*:*:*:*", "matchCriteriaId": "34FFE8AC-9E8B-4435-B6A7-B876AFF4D669", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2962:*:*:*:*:*:*:*", "matchCriteriaId": "BD9AD47A-71CA-4E9F-B4BB-49C664BFFDAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2963:*:*:*:*:*:*:*", "matchCriteriaId": "98D5E19B-A34F-4FD1-AC8E-005E6F565ED6", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2967:*:*:*:*:*:*:*", "matchCriteriaId": "858B2972-78D9-496D-B61D-BB38F5CC8B46", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2968:*:*:*:*:*:*:*", "matchCriteriaId": "645A9A0B-F0D1-4122-A5D4-E12D32AA8633", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2970:*:*:*:*:*:*:*", "matchCriteriaId": "4CD9E764-07E4-44F0-B268-7BFFE1E91F78", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2973:*:*:*:*:*:*:*", "matchCriteriaId": "61DFFD31-8496-4B23-8AA0-05D895A4FF54", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2980:*:*:*:*:*:*:*", "matchCriteriaId": "AFB54B93-7F72-4797-8620-552EB9971B0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.5-2982:*:*:*:*:*:*:*", "matchCriteriaId": "45D6CEC0-9BAE-4627-A57A-5DBA81A39AF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.8.0-3416:*:*:*:*:*:*:*", "matchCriteriaId": "27981034-F4ED-47B7-9A87-D5EAD8BB4EDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.8.1-3420:*:*:*:*:*:*:*", "matchCriteriaId": "8E525F0C-1D37-447D-A688-6FD87822889C", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.8.2-3455:*:*:*:*:*:*:*", "matchCriteriaId": "B3240461-598E-4C41-9234-400AAAEE32B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.8.3-3458:*:*:*:*:*:*:*", "matchCriteriaId": "5D36302B-9478-4348-8059-D89BEC858F87", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:download_station:3.8.4-3468:*:*:*:*:*:*:*", "matchCriteriaId": "AFFA7620-E000-448D-BEC2-9EEC47649334", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI."}, {"lang": "es", "value": "Una vulnerabilidad de tipo server-side request forgery (SSRF) en Downloader en Synology Download Station 3.8.x en versiones anteriores a la 3.8.5-3475 y 3.x en versiones anteriores a la 3.5-2984 permite que usuarios remotos autenticados descarguen archivos locales arbitrarios mediante URI manipulada."}], "id": "CVE-2017-11149", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-14T19:29:00.770", "references": [{"source": "security@synology.com", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@synology.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}