Details of VAR-202102-1229

ID

VAR-202102-1229

CVE

CVE-2021-26565

TITLE

Synology DiskStation Manager Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004178

DESCRIPTION

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information. There is a security vulnerability in Synology DiskStation Manager before 6.2.3-25426-3

Trust: 2.25

sources: NVD: CVE-2021-26565 // JVNDB: JVNDB-2021-004178 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385706

AFFECTED PRODUCTS

vendor:	synology	model:	diskstation manager	scope:	lt	version:	6.2.3-25426-3	Trust: 1.0
vendor:	synology	model:	diskstation manager unified controller	scope:	eq	version:	3.0	Trust: 1.0
vendor:	synology	model:	skynas	scope:	eq	version:	-	Trust: 1.0
vendor:	synology	model:	vs960hd	scope:	eq	version:	-	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	diskstation manager unified controller	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	skynas	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	vs960hd	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004178 // NVD: CVE-2021-26565

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-26565
value:	MEDIUM
Trust: 1.0
security@synology.com:	CVE-2021-26565
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-26565
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-1704
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-385706
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-26565
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-385706
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-26565
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
security@synology.com:	CVE-2021-26565
baseSeverity:	HIGH
baseScore:	8.3
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-26565
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-385706 // JVNDB: JVNDB-2021-004178 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202102-1704 // NVD: CVE-2021-26565 // NVD: CVE-2021-26565

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.1
problemtype:	Sending important information in clear text (CWE-319) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-385706 // JVNDB: JVNDB-2021-004178 // NVD: CVE-2021-26565

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1704

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202102-1704

PATCH

title:	Synology-SA-20	url:	https://www.synology.com/security/advisory/Synology_SA_20_26	Trust: 0.8
title:	Synology DiskStation Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143550	Trust: 0.6

sources: JVNDB: JVNDB-2021-004178 // CNNVD: CNNVD-202102-1704

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26565	Trust: 2.5
db:	TALOS	id:	TALOS-2020-1160	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-004178	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021042002	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-1704	Trust: 0.6
db:	VULHUB	id:	VHN-385706	Trust: 0.1

sources: VULHUB: VHN-385706 // JVNDB: JVNDB-2021-004178 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202102-1704 // NVD: CVE-2021-26565

REFERENCES

url:	https://www.synology.com/security/advisory/synology_sa_20_26	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26565	Trust: 1.4
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2020-1160	Trust: 1.1
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://talosintelligence.com/vulnerability_reports/talos-2020-1160	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042002	Trust: 0.6

sources: VULHUB: VHN-385706 // JVNDB: JVNDB-2021-004178 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202102-1704 // NVD: CVE-2021-26565

SOURCES

db:	VULHUB	id:	VHN-385706
db:	JVNDB	id:	JVNDB-2021-004178
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202102-1704
db:	NVD	id:	CVE-2021-26565

LAST UPDATE DATE

2024-11-23T20:19:34.222000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-385706	date:	2021-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-004178	date:	2021-11-16T06:39:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202102-1704	date:	2021-04-21T00:00:00
db:	NVD	id:	CVE-2021-26565	date:	2024-11-21T05:56:29.687

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-385706	date:	2021-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-004178	date:	2021-11-16T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202102-1704	date:	2021-02-26T00:00:00
db:	NVD	id:	CVE-2021-26565	date:	2021-02-26T22:15:20.427