Vulnerabilities > CVE-2021-29085 - Unspecified vulnerability in Synology products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

synology

NVD

Published: 2021-06-23

Updated: 2024-11-21

Summary

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Diskstation Manager 6.2 Synology Diskstation Manager 6.2-23739 Synology Diskstation Manager 6.2-23739-1 Synology Diskstation Manager 6.2-23739-2 Synology Diskstation Manager 6.2.1 Synology Diskstation Manager 6.2.1-23824 Synology Diskstation Manager 6.2.1-23824-1 Synology Diskstation Manager 6.2.1-23824-2 Synology Diskstation Manager 6.2.1-23824-3 Synology Diskstation Manager 6.2.1-23824-4 Synology Diskstation Manager 6.2.1-23824-5 Synology Diskstation Manager 6.2.1-23824-6 Synology Diskstation Manager 6.2.2-24922 Synology Diskstation Manager 6.2.3-25426-2	14
OS	Synology Synology Diskstation Manager Unified Controller - Synology Diskstation Manager Unified Controller 3.0	2

Summary

Vulnerable Configurations

References