CVE-2017-12080

Published: Dec 4, 2017Modified: May 13, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.

Affected (2)

Products: Synology: Photo Station

Synology

1 product

Photo Station

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Synology Photo Station	From 6.3 to 6.3-2970

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Synology Photo Station	From 6.8 to 6.8.1-3458

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station

Source: security@synology.com

Vendor Advisory

https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.