Vulnerabilities > CVE-2021-27649 - Use After Free vulnerability in Synology products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

synology

CWE-416

critical

NVD

Published: 2021-06-23

Updated: 2021-06-29

Summary

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Diskstation Manager 6.2 Synology Diskstation Manager 6.2-23739 Synology Diskstation Manager 6.2-23739-1 Synology Diskstation Manager 6.2-23739-2 Synology Diskstation Manager 6.2.1 Synology Diskstation Manager 6.2.1-23824 Synology Diskstation Manager 6.2.1-23824-1 Synology Diskstation Manager 6.2.1-23824-2 Synology Diskstation Manager 6.2.1-23824-3 Synology Diskstation Manager 6.2.1-23824-4 Synology Diskstation Manager 6.2.1-23824-5 Synology Diskstation Manager 6.2.1-23824-6 Synology Diskstation Manager 6.2.2-24922 Synology Diskstation Manager 6.2.3-25426-2	14
OS	Synology Synology Diskstation Manager Unified Controller - Synology Diskstation Manager Unified Controller 3.0	2

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.synology.com/security/advisory/Synology_SA_20_26