Vulnerabilities > CVE-2016-6554 - Credentials Management vulnerability in Synology Ds107 Firmware and Ds213 Firmware

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
synology
CWE-255
critical

Summary

Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device.

Vulnerable Configurations

Part Description Count
OS
Synology
68
Hardware
Synology
3

Common Weakness Enumeration (CWE)