Injection Vulnerability in File Sharing Management of Synology DiskStation Manager
CVE-2021-29085

7.5HIGH

Key Information:

Vendor: Synology
Status: Diskstation Manager (dsm)
Vendor: CVE Published:; 23 June 2021

Summary

An injection vulnerability exists in the file sharing management component of Synology DiskStation Manager, allowing remote attackers to exploit this flaw to read arbitrary files. This issue is present in versions prior to 6.2.3-25426-3 and poses a risk due to improper neutralization of special elements in output that can be leveraged through unspecified vectors.

Affected Version(s)

DiskStation Manager (DSM) < 6.2.3-25426-3

References

https://www.synology.com/security/advisory/Synology_SA_20_26

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 23, 2021
Vulnerability Reserved
Mar 23, 2021