Server-Side Request Forgery in Synology Download Station
CVE-2021-33184

7.7HIGH

Key Information:

Vendor: Synology
Status: Synology Download Station
Vendor: CVE Published:; 1 June 2021

What is CVE-2021-33184?

An SSRF vulnerability exists in the task management component of Synology Download Station, affecting versions prior to 3.8.15-3563. This flaw permits remote authenticated users to exploit unspecified vectors to read arbitrary files on the server, potentially exposing sensitive information. Organizations using affected versions should consult the security advisory to implement necessary mitigations.

Affected Version(s)

Synology Download Station < 3.8.15-3563

References

https://www.synology.com/security/advisory/Synology_SA_20_23

x_refsource_CONFIRM

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2021
Vulnerability Reserved
May 18, 2021