CVE-2021-34809
9.9CRITICAL
Summary
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Affected Version(s)
Download Station < 3.8.16-3566
CVSS V3.1
Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Risk change from: 8.8 to: 9.9 - (CRITICAL)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database