Path Traversal Vulnerability in PDF Viewer of Synology DiskStation Manager
CVE-2021-33182

4.3MEDIUM

Key Information:

Vendor: Synology
Status: Synology Diskstation Manager (dsm)
Vendor: CVE Published:; 1 June 2021

Summary

The PDF Viewer component in Synology DiskStation Manager (DSM) versions prior to 6.2.4-25553 is susceptible to a path traversal vulnerability. This issue permits remote authenticated users to gain unauthorized access to restricted files within the system, exploiting improper path limitations. Attackers might leverage this flaw to read sensitive information through unspecified vectors, raising serious concerns about data integrity and security.

Affected Version(s)

Synology DiskStation Manager (DSM) < 6.2.4-25553

References

https://www.synology.com/security/advisory/Synology_SA_21_03

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 1, 2021
Vulnerability Reserved
May 18, 2021