Description
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device.
References (3)
Core 3
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://www.synology.com/en-global/releaseNote/DS213
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
https://www.securityfocus.com/bid/93805
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/404187
Scores
CVSS v3
9.8
EPSS
0.0146
EPSS Percentile
81.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-255
Status
published
Products (3)
synology/ds107_firmware
< 3.1-1639
synology/ds116_firmware
< 5.2-5644-1
synology/ds213_firmware
< 5.2-5644-1
Published
Jul 13, 2018
Tracked Since
Feb 18, 2026