SSRF Vulnerability in Synology Download Station Allows Arbitrary File Download

SSRF Vulnerability in Synology Download Station Allows Arbitrary File Download

CVE-2017-11149 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.

Learn more about our User Device Pen Test.