SQL Injection Vulnerability in Synology DiskStation Manager
CVE-2021-43926

9.8CRITICAL

Key Information:

Vendor: Synology
Status: Diskstation Manager (dsm)
Vendor: CVE Published:; 7 February 2022

Summary

The vulnerability identified in Synology DiskStation Manager allows remote attackers to exploit improper neutralization of special elements in SQL commands, enabling SQL injection through various unspecified vectors. This flaw impacts the Log Management feature, posing significant risks to data integrity and system security. Organizations using affected versions are encouraged to apply security updates promptly to mitigate the risk of potential exploitation.

Affected Version(s)

DiskStation Manager (DSM) < 7.0.1-42218-2

References

https://www.synology.com/security/advisory/Synology_SA_22_01

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2022
Vulnerability Reserved
Nov 16, 2021