← back
CVE-2017-11153

CVE-2017-11153

EPSS 19.1%CWE-502
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
Affected products
Synology · Synology Photo Station
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42434/unverifiedexploitdbwww.exploit-db.com/exploits/42434unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/42434/https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation