CVE-2015-2809

Published: Apr 1, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component.

Affected (1)

Products: Synology: Diskstation Manager

1 product

Diskstation Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Synology Diskstation Manager	Up to 3.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.kb.cert.org/vuls/id/550620

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/BLUU-9TLSHD

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/73683

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/550620

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/BLUU-9TLSHD

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/73683

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.