Home / Early Warning / Vulnerabilidades / CVE-2014-2264

CVE-2014-2264

Type: 
Credentials Management
Severity: 
High
Publication date: 
03/02/2014
Last modified: 
03/03/2014
Description
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: No impact on system integrity + Total commitment on system confidentiality + No impact on system availability
Vulnerable software and versions
  • cpe:2.3:a:synology:diskstation_manager:4.3-3810:1:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
Explanation of fields