ID

VAR-202106-1475


CVE

CVE-2021-29084


TITLE

Synology DiskStation Manager Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-008491

DESCRIPTION

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in the Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. Synology DiskStation Manager (DSM) is vulnerable to injection; information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology DS418play. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webapi component. The issue results from incorrect neutralization of CRLF sequences in HTTP requests. An attacker can leverage this vulnerability to disclose information in the context of the Admin user. Synology DiskStation DS418play is a network device from China Synology Corporation that provides a storage function.

Trust: 2.43

sources: NVD: CVE-2021-29084 // JVNDB: JVNDB-2021-008491 // ZDI: ZDI-21-607 // VULHUB: VHN-388624 // VULMON: CVE-2021-29084

AFFECTED PRODUCTS

vendor: synology; model: diskstation manager; scope: -; version: -

Trust: 1.5

vendor: synology; model: diskstation manager unified controller; scope: lt; version: 3.1-23033

Trust: 1.0

vendor: synology; model: diskstation manager; scope: lt; version: 6.2.3-25426-3

Trust: 1.0

vendor: synology; model: diskstation manager; scope: gte; version: 6.2

Trust: 1.0

vendor: synology; model: diskstation manager unified controller; scope: -; version: -

Trust: 0.8

sources: ZDI: ZDI-21-607 // JVNDB: JVNDB-2021-008491 // NVD: CVE-2021-29084

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-29084
value: HIGH

Trust: 1.0

security@synology.com: CVE-2021-29084
value: HIGH

Trust: 1.0

NVD: CVE-2021-29084
value: HIGH

Trust: 0.8

ZDI: CVE-2021-29084
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202105-1629
value: HIGH

Trust: 0.6

VULHUB: VHN-388624
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-29084
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-29084
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-388624
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-29084
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-008491
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-29084
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-607 // VULHUB: VHN-388624 // VULMON: CVE-2021-29084 // JVNDB: JVNDB-2021-008491 // CNNVD: CNNVD-202105-1629 // NVD: CVE-2021-29084

PROBLEMTYPE DATA

problemtype: CWE-74

Trust: 1.1

problemtype: injection (CWE-74) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-388624 // JVNDB: JVNDB-2021-008491 // NVD: CVE-2021-29084

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1629

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202105-1629

PATCH

title: Synology-SA-20; url: https://www.synology.com/ja-jp/security/advisory/Synology_SA_20_26

Trust: 0.8

title: Synology has issued an update to correct this vulnerability.; url: https://www.synology.com/en-uk/security/advisory/Synology_SA_20_26

Trust: 0.7

sources: ZDI: ZDI-21-607 // JVNDB: JVNDB-2021-008491

EXTERNAL IDS

db: NVD; id: CVE-2021-29084

Trust: 4.1

db: ZDI; id: ZDI-21-607

Trust: 1.4

db: JVNDB; id: JVNDB-2021-008491

Trust: 0.8

db: ZDI_CAN; id: ZDI-CAN-12460

Trust: 0.7

db: CNNVD; id: CNNVD-202105-1629

Trust: 0.6

db: VULHUB; id: VHN-388624

Trust: 0.1

db: VULMON; id: CVE-2021-29084

Trust: 0.1

sources: ZDI: ZDI-21-607 // VULHUB: VHN-388624 // VULMON: CVE-2021-29084 // JVNDB: JVNDB-2021-008491 // CNNVD: CNNVD-202105-1629 // NVD: CVE-2021-29084

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_20_26

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-29084

Trust: 0.8

url: https://www.synology.com/en-uk/security/advisory/synology_sa_20_26

Trust: 0.7

url: https://www.zerodayinitiative.com/advisories/zdi-21-607/

Trust: 0.7

url: https://cwe.mitre.org/data/definitions/74.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-21-607 // VULHUB: VHN-388624 // VULMON: CVE-2021-29084 // JVNDB: JVNDB-2021-008491 // CNNVD: CNNVD-202105-1629 // NVD: CVE-2021-29084

CREDITS

Justin Taft (@oneupsecurity)

Trust: 0.7

sources: ZDI: ZDI-21-607

SOURCES

db: ZDI; id: ZDI-21-607
db: VULHUB; id: VHN-388624
db: VULMON; id: CVE-2021-29084
db: JVNDB; id: JVNDB-2021-008491
db: CNNVD; id: CNNVD-202105-1629
db: NVD; id: CVE-2021-29084

LAST UPDATE DATE

2024-08-14T14:18:25.952000+00:00


SOURCES UPDATE DATE

db: ZDI; id: ZDI-21-607; date: 2021-05-25T00:00:00
db: VULHUB; id: VHN-388624; date: 2021-06-29T00:00:00
db: VULMON; id: CVE-2021-29084; date: 2021-06-29T00:00:00
db: JVNDB; id: JVNDB-2021-008491; date: 2022-03-18T01:13:00
db: CNNVD; id: CNNVD-202105-1629; date: 2021-06-30T00:00:00
db: NVD; id: CVE-2021-29084; date: 2021-06-29T19:54:36.310

SOURCES RELEASE DATE

db: ZDI; id: ZDI-21-607; date: 2021-05-25T00:00:00
db: VULHUB; id: VHN-388624; date: 2021-06-23T00:00:00
db: VULMON; id: CVE-2021-29084; date: 2021-06-23T00:00:00
db: JVNDB; id: JVNDB-2021-008491; date: 2022-03-18T00:00:00
db: CNNVD; id: CNNVD-202105-1629; date: 2021-05-25T00:00:00
db: NVD; id: CVE-2021-29084; date: 2021-06-23T10:15:08.283