Race Condition Vulnerability in Synology DiskStation Manager
CVE-2021-26569

8.1HIGH

Key Information:

Vendor: Synology
Status: Synology Diskstation Manager (dsm)
Vendor: CVE Published:; 12 March 2021

What is CVE-2021-26569?

This vulnerability involves a race condition within the iscsi_snapshot_comm_core component of Synology DiskStation Manager. It allows remote attackers to exploit this flaw by constructing specially crafted web requests, potentially leading to the execution of arbitrary code on affected systems. Users of DiskStation Manager versions prior to 6.2.3-25426-3 should take immediate action to update their software to mitigate this risk.

Affected Version(s)

Synology DiskStation Manager (DSM) < 6.2.3-25426-3

References

https://www.synology.com/security/advisory/Synology_SA_20_26

x_refsource_CONFIRM

https://www.zerodayinitiative.com/advisories/ZDI-21-338/

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2021
Vulnerability Reserved
Feb 2, 2021