Vulnerability Database

318,275

Total vulnerabilities in the database

CVE-2017-11149

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.

  • Published: Aug 14, 2017
  • Updated: Nov 9, 2025
  • CVE: CVE-2017-11149
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
synology / download_station 3.4-2514 3.4-2514.x
synology / download_station 3.5-2956 3.5-2956.x
synology / download_station 3.4-2485 3.4-2485.x
synology / download_station 3.5-2955 3.5-2955.x
synology / download_station 3.4-2555 3.4-2555.x
synology / download_station 3.5-2982 3.5-2982.x
synology / download_station 3.5-2962 3.5-2962.x
synology / download_station 3.4-2558 3.4-2558.x
synology / download_station 3.5-2706 3.5-2706.x
synology / download_station 3.5-2638 3.5-2638.x
synology / download_station 3.4-2480 3.4-2480.x
synology / download_station 3.5-2705 3.5-2705.x
synology / download_station 3.5-2970 3.5-2970.x
synology / download_station 3.2-2295 3.2-2295.x
synology / download_station 3.8.1-3420 3.8.1-3420.x
synology / download_station 3.5-2968 3.5-2968.x
synology / download_station 3.8.4-3468 3.8.4-3468.x
synology / download_station 3.8.0-3416 3.8.0-3416.x
synology / download_station 3.4-2489 3.4-2489.x
synology / download_station 3.5-2980 3.5-2980.x
synology / download_station 3.8.3-3458 3.8.3-3458.x
synology / download_station 3.5-2973 3.5-2973.x
synology / download_station 3.4-2490 3.4-2490.x
synology / download_station 3.3-2382 3.3-2382.x
synology / download_station 3.8.2-3455 3.8.2-3455.x
synology / download_station 3.5-2967 3.5-2967.x
synology / download_station 3.3-2386 3.3-2386.x
synology / download_station 3.5-2963 3.5-2963.x
synology / download_station 3.4-2557 3.4-2557.x
synology / download_station 3.4-2477 3.4-2477.x
synology / download_station 3.3-2383 3.3-2383.x
synology / download_station 3.4-2478 3.4-2478.x
synology / download_station 3.4-2486 3.4-2486.x