ID

VAR-202106-1168


CVE

CVE-2021-33182


TITLE

Synology DiskStation Manager Traversal Vulnerability in Japan

Trust: 0.8

sources: JVNDB: JVNDB-2021-007545

DESCRIPTION

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors. Synology DiskStation Manager (DSM) contains a path traversal vulnerability. Information may be obtained. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information.

Trust: 1.71

sources: NVD: CVE-2021-33182 // JVNDB: JVNDB-2021-007545 // VULHUB: VHN-393196

AFFECTED PRODUCTS

vendor: synology, model: diskstation manager, scope: lt, version: 6.2.4-25553

Trust: 1.0

vendor: synology, model: diskstation manager, scope: eq, version: -

Trust: 0.8

vendor: synology, model: diskstation manager, scope: eq, version: 6.2.4-25553

Trust: 0.8

sources: JVNDB: JVNDB-2021-007545 // NVD: CVE-2021-33182

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33182
value: MEDIUM

Trust: 1.0

security@synology.com: CVE-2021-33182
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-33182
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202106-084
value: MEDIUM

Trust: 0.6

VULHUB: VHN-393196
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-33182
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-393196
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-33182
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

security@synology.com: CVE-2021-33182
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-33182
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-393196 // JVNDB: JVNDB-2021-007545 // CNNVD: CNNVD-202106-084 // NVD: CVE-2021-33182 // NVD: CVE-2021-33182

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype: Path traversal (CWE-22) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-393196 // JVNDB: JVNDB-2021-007545 // NVD: CVE-2021-33182

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-084

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202106-084

PATCH

title: Synology-SA-21, url: https://www.synology.com/ja-jp/security/advisory/Synology_SA_21_03

Trust: 0.8

title: Synology DiskStation Manager Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152796

Trust: 0.6

sources: JVNDB: JVNDB-2021-007545 // CNNVD: CNNVD-202106-084

EXTERNAL IDS

db: NVD, id: CVE-2021-33182

Trust: 3.3

db: JVNDB, id: JVNDB-2021-007545

Trust: 0.8

db: CNNVD, id: CNNVD-202106-084

Trust: 0.7

db: VULHUB, id: VHN-393196

Trust: 0.1

sources: VULHUB: VHN-393196 // JVNDB: JVNDB-2021-007545 // CNNVD: CNNVD-202106-084 // NVD: CVE-2021-33182

REFERENCES

url:https://www.synology.com/security/advisory/synology_sa_21_03

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-33182

Trust: 1.4

sources: VULHUB: VHN-393196 // JVNDB: JVNDB-2021-007545 // CNNVD: CNNVD-202106-084 // NVD: CVE-2021-33182

SOURCES

db: VULHUB, id: VHN-393196
db: JVNDB, id: JVNDB-2021-007545
db: CNNVD, id: CNNVD-202106-084
db: NVD, id: CVE-2021-33182

LAST UPDATE DATE

2024-08-14T14:38:00.268000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-393196, date: 2021-06-09T00:00:00
db: JVNDB, id: JVNDB-2021-007545, date: 2022-02-15T08:55:00
db: CNNVD, id: CNNVD-202106-084, date: 2021-06-10T00:00:00
db: NVD, id: CVE-2021-33182, date: 2021-06-09T19:37:01.383

SOURCES RELEASE DATE

db: VULHUB, id: VHN-393196, date: 2021-06-01T00:00:00
db: JVNDB, id: JVNDB-2021-007545, date: 2022-02-15T00:00:00
db: CNNVD, id: CNNVD-202106-084, date: 2021-06-01T00:00:00
db: NVD, id: CVE-2021-33182, date: 2021-06-01T14:15:10.147