CVE-2010-3684

The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
synologydsm
2.2-0942
synologydsm
2.2-1041
synologydsm
2.2-1042
synologydsm
2.2-1045
synologydsm
2.3-1139
synologydsm
2.3-1141
synologydsm
2.3-1144
synologydsm
2.3-1157
synologydsm
2.3-1161
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/513970/100/0/threaded
http://www.securityfocus.com/archive/1/513970/100/0/threaded