Path Traversal Vulnerability in Synology DiskStation Manager
CVE-2021-29088
7.8HIGH
Key Information:
- Vendor
- Synology
- Vendor
- CVE Published:
- 1 June 2021
Summary
A Path Traversal vulnerability exists within the cgi component of Synology DiskStation Manager versions prior to 6.2.4-25553. This weakness allows local users to bypass restrictions on directory paths, enabling them to execute arbitrary code through unspecified attack vectors. This issue raises significant security concerns, as it may facilitate unauthorized access to sensitive system functions.
Affected Version(s)
Synology DiskStation Manager (DSM) < 6.2.4-25553
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved