Photo Station 3.5-2945

Publish Time: 2015-05-29 00:00:00 UTC+8

Last Updated: UTC+8

Status
Resolved

Description

Photo Station version 6.3-2945 includes the security fixes of malicious attacks to address the following security vulnerabilities:

  • One vulnerability that allows an attacker to execute cross-site scripting (XSS) attacks and perform arbitrary actions such as stealing session tokens or redirecting to potential malicious websites
  • The other vulnerability that allows someone who has the privilege of managing any arbitrary album to compromise photos in other albums that he/she has no permission to access through command injection attacks

Resolution

To fix the security issues, please go to DSM > Package Center, install the latest version 6.3-2945 of Photo Station package to protect DiskStation from malicious attacks.

Note

For the following models, please go to DSM > Package Center, install the latest version 6.0-2635 of Photo Station package to protect DiskStation from malicious attacks: DS109, DS209, DS409, DS409slim, DS109+, DS209+, DS209+II, DS409+, DS509+, RS409(RP)+ .