CVE-2013-6987

Synology DiskStation Manager - Path Traversal via FileBrowser Components

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-6987. PoCs published by Andrea Fabrizi and stoicboomer.

AI-analyzed exploit summary: This exploit demonstrates multiple directory traversal vulnerabilities in Synology DSM's FileBrowser components, allowing authenticated users to access, delete, or modify system files by bypassing path validation checks.

Description

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.

Exploits (2)

exploitdb WORKING POC
by Andrea Fabrizi · text · webapps · cgi
https://www.exploit-db.com/exploits/30475

This exploit demonstrates multiple directory traversal vulnerabilities in Synology DSM's FileBrowser components, allowing authenticated users to access, delete, or modify system files by bypassing path validation checks.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Synology DSM <= 4.3-3810
Auth required
Prerequisites: Authenticated access to Synology DSM · Valid shared folder name
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by stoicboomer · poc
https://github.com/stoicboomer/CVE-2013-6987

This repository contains a functional proof-of-concept for CVE-2013-6987, a directory traversal vulnerability in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3. The scripts demonstrate file listing, deletion, and download via path traversal attacks.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Synology DiskStation Manager (DSM) before 4.3-3810 Update 3
Auth required
Prerequisites: Valid SynoToken for authentication · Network access to the target DSM instance
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64483
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89892
Various Sources x_refsource_confirm
http://www.synology.com/en-us/releaseNote/model/DS114
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/30475
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Dec/177

Scores

EPSS 0.1489
EPSS Percentile 96.3%

Details

CWE: CWE-22
Status: published
Products (1): synology/diskstation_manager 4.3-3810
Published: Dec 31, 2013
Tracked Since: Feb 18, 2026