Server-Side Request Forgery in Synology Download Station
CVE-2021-33184

7.7HIGH

Key Information:

Vendor: Synology
Status: Synology Download Station
Vendor: CVE Published:; 1 June 2021

What is CVE-2021-33184?

An SSRF vulnerability exists in the task management component of Synology Download Station, affecting versions prior to 3.8.15-3563. This flaw permits remote authenticated users to exploit unspecified vectors to read arbitrary files on the server, potentially exposing sensitive information. Organizations using affected versions should consult the security advisory to implement necessary mitigations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Synology Download Station < 3.8.15-3563

References

https://www.synology.com/security/advisory/Synology_SA_20_23

x_refsource_CONFIRM

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 1, 2021
Vulnerability Reserved
May 18, 2021

JSON

Synology