Hard-coded Credentials Vulnerability in Synology Calendar Software
CVE-2021-34812

5.8MEDIUM

Key Information:

Vendor: Synology
Status: Synology Calendar
Vendor: CVE Published:; 18 June 2021

What is CVE-2021-34812?

A recently discovered vulnerability in Synology Calendar prior to version 2.4.0-0761 involves the use of hard-coded credentials within the php component. This flaw may allow remote attackers to exploit the system, potentially enabling them to gain unauthorized access and retrieve sensitive information through unspecified attack vectors.

Affected Version(s)

Synology Calendar < 2.4.0-0761

References

https://www.synology.com/security/advisory/Synology_SA_21_12

x_refsource_CONFIRM

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2021
Vulnerability Reserved
Jun 16, 2021