Unintended Response to Unicast Queries in Synology DiskStation Manager (DSM) Allows for Denial of Service and Information Disclosure
CVE-2015-2809 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component.
Learn more about our Web Application Penetration Testing UK.