Vulnerabilities > CVE-2021-33181 - Server-Side Request Forgery (SSRF) vulnerability in Synology Video Station

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

synology

CWE-918

NVD

Published: 2021-06-01

Updated: 2021-06-10

Summary

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Video Station 1.2-0439 Synology Video Station 1.2-0443 Synology Video Station 1.2-0447 Synology Video Station 1.2-0451 Synology Video Station 1.2-0453 Synology Video Station 1.3-0562 Synology Video Station 1.4-0667 Synology Video Station 1.4-0668 Synology Video Station 1.4-0673 Synology Video Station 1.4-0674 Synology Video Station 1.4-0678 Synology Video Station 1.4-0679 Synology Video Station 1.5-0753 Synology Video Station 1.5-0754 Synology Video Station 1.5-0757 Synology Video Station 1.5-0763 Synology Video Station 1.5-0770 Synology Video Station 1.5-0772 Synology Video Station 1.5-0775 Synology Video Station 1.5-0776 Synology Video Station 1.6-0835 Synology Video Station 1.6-0840 Synology Video Station 1.6-0841 Synology Video Station 1.6-0844 Synology Video Station 1.6-0857 Synology Video Station 1.6-0858 Synology Video Station 1.6-0859 Synology Video Station 2.0-1124 Synology Video Station 2.0-1132 Synology Video Station 2.0-1134 Synology Video Station 2.1.0-1226 Synology Video Station 2.1.1-1229 Synology Video Station 2.1.2-1236 Synology Video Station 2.2.0-1361 Synology Video Station 2.2.1-1364 Synology Video Station 2.3.0-1435 Synology Video Station 2.3.1-1453 Synology Video Station 2.3.2-1454 Synology Video Station 2.3.3-1455 Synology Video Station 2.3.4-1468 Synology Video Station 2.3.5-1471 Synology Video Station 2.3.6-1475 Synology Video Station 2.3.7-1484 Synology Video Station 2.3.8-1486 Synology Video Station 2.4.0-1505 Synology Video Station 2.4.1-1554 Synology Video Station 2.4.2-1561 Synology Video Station 2.4.3-1565 Synology Video Station 2.4.4-1583 Synology Video Station 2.4.5-1584	50

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.synology.com/security/advisory/Synology_SA_21_04