CVE-2017-12080

2017-11-0600:00:00

CWE-200

synology

www.cve.org

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.0%

JSON

An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.

CNA Affected

[
  {
    "product": "Photo Station",
    "vendor": "Synology",
    "versions": [
      {
        "status": "affected",
        "version": "before 6.8.1-3458"
      },
      {
        "status": "affected",
        "version": "before 6.3-2970"
      }
    ]
  }
]

References

www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station