ID

VAR-202102-1230


CVE

CVE-2021-26566


TITLE

Synology DiskStation Manager Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004179

DESCRIPTION

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. Synology DiskStation Manager (DSM) contains an information disclosure vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information. There is a security vulnerability in Synology DiskStation Manager before 6.2.3-25426-3.

Trust: 2.34

sources: NVD: CVE-2021-26566 // JVNDB: JVNDB-2021-004179 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385707 // VULMON: CVE-2021-26566

AFFECTED PRODUCTS

vendor: synology, model: diskstation manager, scope: lt, version: 6.2.3-25426-3

Trust: 1.0

vendor: synology, model: diskstation manager unified controller, scope: eq, version: 3.0

Trust: 1.0

vendor: synology, model: skynas, scope: eq, version: -

Trust: 1.0

vendor: synology, model: vs960hd, scope: eq, version: -

Trust: 1.0

vendor: synology, model: diskstation manager, scope: -, version: -

Trust: 0.8

vendor: synology, model: diskstation manager unified controller, scope: -, version: -

Trust: 0.8

vendor: synology, model: skynas, scope: -, version: -

Trust: 0.8

vendor: synology, model: vs960hd, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004179 // NVD: CVE-2021-26566

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-26566
value: CRITICAL

Trust: 1.0

security@synology.com: CVE-2021-26566
value: HIGH

Trust: 1.0

NVD: CVE-2021-26566
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202102-1705
value: CRITICAL

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-385707
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-26566
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-26566
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-385707
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-26566
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.1

Trust: 1.0

security@synology.com: CVE-2021-26566
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-26566
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-385707 // VULMON: CVE-2021-26566 // JVNDB: JVNDB-2021-004179 // CNNVD: CNNVD-202102-1705 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26566 // NVD: CVE-2021-26566

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-201

Trust: 1.0

problemtype:information leak (CWE-200) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-385707 // JVNDB: JVNDB-2021-004179 // NVD: CVE-2021-26566

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1705

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202102-1705

PATCH

title: Synology-SA-20, url: https://www.synology.com/security/advisory/Synology_SA_20_26

Trust: 0.8

title: Synology DiskStation Manager Repair measures for information disclosure vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=143553

Trust: 0.6

sources: JVNDB: JVNDB-2021-004179 // CNNVD: CNNVD-202102-1705

EXTERNAL IDS

db: NVD, id: CVE-2021-26566

Trust: 2.6

db: TALOS, id: TALOS-2020-1160

Trust: 1.8

db: JVNDB, id: JVNDB-2021-004179

Trust: 0.8

db: CS-HELP, id: SB2021042002

Trust: 0.6

db: CNNVD, id: CNNVD-202102-1705

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-385707

Trust: 0.1

db: VULMON, id: CVE-2021-26566

Trust: 0.1

sources: VULHUB: VHN-385707 // VULMON: CVE-2021-26566 // JVNDB: JVNDB-2021-004179 // CNNVD: CNNVD-202102-1705 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26566

REFERENCES

url:https://www.synology.com/security/advisory/synology_sa_20_26

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-26566

Trust: 1.4

url:https://www.talosintelligence.com/vulnerability_reports/talos-2020-1160

Trust: 1.2

url:https://talosintelligence.com/vulnerability_reports/talos-2020-1160

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042002

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-385707 // VULMON: CVE-2021-26566 // JVNDB: JVNDB-2021-004179 // CNNVD: CNNVD-202102-1705 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26566

SOURCES

db: VULHUB, id: VHN-385707
db: VULMON, id: CVE-2021-26566
db: JVNDB, id: JVNDB-2021-004179
db: CNNVD, id: CNNVD-202102-1705
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-26566

LAST UPDATE DATE

2024-11-23T21:09:25.147000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-385707, date: 2022-10-24T00:00:00
db: VULMON, id: CVE-2021-26566, date: 2021-04-22T00:00:00
db: JVNDB, id: JVNDB-2021-004179, date: 2021-11-16T06:39:00
db: CNNVD, id: CNNVD-202102-1705, date: 2022-10-25T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-26566, date: 2024-11-21T05:56:29.853

SOURCES RELEASE DATE

db: VULHUB, id: VHN-385707, date: 2021-02-26T00:00:00
db: VULMON, id: CVE-2021-26566, date: 2021-02-26T00:00:00
db: JVNDB, id: JVNDB-2021-004179, date: 2021-11-16T00:00:00
db: CNNVD, id: CNNVD-202102-1705, date: 2021-02-26T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-26566, date: 2021-02-26T22:15:20.567