What is CVE-2013-6955?

CVE-2013-6955 is a vulnerability in Synology Diskstation_manager, classified under CWE-264. Published 2014-01-09.

Is CVE-2013-6955 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Synology Diskstation_manager

CVE-2013-6955

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, v…

EPSS: 0.833 (99.3th percentile) — read the EPSS interpretation.

Affected products

Synology Diskstation_manager — versions 4.0, 4.2, 4.3
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

rapid7/metasploit-framework

References

VU#615910 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)

Frequently asked questions

What is CVE-2013-6955?: CVE-2013-6955 is a vulnerability in Synology Diskstation_manager, classified under CWE-264. Published 2014-01-09.
Is CVE-2013-6955 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.