A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NSynology Ssl Vpn Client
APPSynology< 1.4.5-0684
Powiązane podatności
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote att...
Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2....
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology S...
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synol...
Classic Buffer Overflow w Synology BeeStation OS — zdalne wykonanie kodu