CVE-2021-26569

8.1HIGH

Key Information:

Vendor
Synology
Status
Synology Diskstation Manager (dsm)
Vendor
CVE Published:
12 March 2021

Summary

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

Affected Version(s)

Synology DiskStation Manager (DSM) < 6.2.3-25426-3

References

https://www.synology.com/security/advisory/Synology_SA_20_26
x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-21-338/
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.