CVE-2021-26561
Published Feb 26, 2021
Last updated 3 years ago
Overview
- Description
- Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
- Source
- security@synology.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3A47DA1-91A8-408B-9985-59C64DFF81DC", "versionEndExcluding": "6.2.3-25426-3" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D0A88A76-CF8A-4D29-B480-E5317219072D" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53EF087B-D7E9-4F9A-803A-B0260C495C67" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B04366E-B5F8-4835-B1FB-106AFD3D3785" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:synology:uc3200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1100D972-198E-45F9-8F04-763F6FE88377" } ], "operator": "OR" } ], "operator": "AND" } ]