ID

VAR-202106-1166


CVE

CVE-2021-33180


TITLE

SQL injection vulnerability in Synology Media Server

Trust: 0.8

sources: JVNDB: JVNDB-2021-007488

DESCRIPTION

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Synology Media Server contains an SQL injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Synology Media Server is a media server

Trust: 1.71

sources: NVD: CVE-2021-33180 // JVNDB: JVNDB-2021-007488 // VULHUB: VHN-393194

AFFECTED PRODUCTS

vendor: synology // model: media server // scope: lt // version: 1.8.1-2876

Trust: 1.0

vendor: synology // model: media server // scope: eq // version: 1.8.1-2876

Trust: 0.8

vendor: synology // model: media server // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007488 // NVD: CVE-2021-33180

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33180
value: CRITICAL

Trust: 1.0

security@synology.com: CVE-2021-33180
value: HIGH

Trust: 1.0

NVD: CVE-2021-33180
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202106-070
value: CRITICAL

Trust: 0.6

VULHUB: VHN-393194
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-33180
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-393194
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-33180
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

security@synology.com: CVE-2021-33180
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-33180
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-393194 // JVNDB: JVNDB-2021-007488 // CNNVD: CNNVD-202106-070 // NVD: CVE-2021-33180 // NVD: CVE-2021-33180

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.1

problemtype:SQL injection (CWE-89) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-393194 // JVNDB: JVNDB-2021-007488 // NVD: CVE-2021-33180

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-070

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202106-070

PATCH

title: Synology-SA-20 // url: https://www.synology.com/ja-jp/security/advisory/Synology_SA_20_24

Trust: 0.8

title: Synology Media Server SQL injection vulnerability remediation measures // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153506

Trust: 0.6

sources: JVNDB: JVNDB-2021-007488 // CNNVD: CNNVD-202106-070

EXTERNAL IDS

db: NVD // id: CVE-2021-33180

Trust: 3.3

db: JVNDB // id: JVNDB-2021-007488

Trust: 0.8

db: CNNVD // id: CNNVD-202106-070

Trust: 0.6

db: VULHUB // id: VHN-393194

Trust: 0.1

sources: VULHUB: VHN-393194 // JVNDB: JVNDB-2021-007488 // CNNVD: CNNVD-202106-070 // NVD: CVE-2021-33180

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_20_24

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-33180

Trust: 0.8

sources: VULHUB: VHN-393194 // JVNDB: JVNDB-2021-007488 // CNNVD: CNNVD-202106-070 // NVD: CVE-2021-33180

SOURCES

db: VULHUB // id: VHN-393194
db: JVNDB // id: JVNDB-2021-007488
db: CNNVD // id: CNNVD-202106-070
db: NVD // id: CVE-2021-33180

LAST UPDATE DATE

2024-08-14T15:17:10.793000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-393194 // date: 2021-06-09T00:00:00
db: JVNDB // id: JVNDB-2021-007488 // date: 2022-02-14T09:15:00
db: CNNVD // id: CNNVD-202106-070 // date: 2021-06-10T00:00:00
db: NVD // id: CVE-2021-33180 // date: 2021-06-09T00:57:33.713

SOURCES RELEASE DATE

db: VULHUB // id: VHN-393194 // date: 2021-06-01T00:00:00
db: JVNDB // id: JVNDB-2021-007488 // date: 2022-02-14T00:00:00
db: CNNVD // id: CNNVD-202106-070 // date: 2021-06-01T00:00:00
db: NVD // id: CVE-2021-33180 // date: 2021-06-01T14:15:10.073