CVE-2021-33181

6.6MEDIUM

Key Information:

Vendor
Synology
Status
Synology Video Station
Vendor
CVE Published:
1 June 2021

Summary

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors.

Affected Version(s)

Synology Video Station < 2.4.10-1632

References

https://www.synology.com/security/advisory/Synology_SA_21_04
x_refsource_CONFIRM

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.