Synology-SA-18:52 Android Moments

Publish Time: 2018-09-05 15:17:58 UTC+8

Last Updated: 2019-04-01 11:38:31 UTC+8

Severity
Moderate
Status
Resolved

Abstract

A vulnerability allows man-in-the-middle attackers to execute arbitrary code via a susceptible version of Android Moments.

Affected Products

Product Severity Fixed Release Availability
Android Moments Moderate Upgrade to 1.2.3-199 or above.

Mitigation

None

Detail

  • CVE-2018-13298
    • Severity: Moderate
    • CVSS3 Base Score: 4.2
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
    • Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.

Revision

Revision Date Description
1 2018-09-05 Initial public release.
2 2019-04-01 Disclosed vulnerability details.