ID

VAR-202106-1483


CVE

CVE-2021-29092


TITLE

Synology Photo Station Unrestricted File Upload Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-007554

DESCRIPTION

Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Photo Station is vulnerable to unrestricted upload of dangerous file types. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company. There is a security vulnerability in Synology DiskStation Manager version 6.8.14-3500.

Trust: 1.71

sources: NVD: CVE-2021-29092 // JVNDB: JVNDB-2021-007554 // VULHUB: VHN-388632

AFFECTED PRODUCTS

vendor: synology, model: photo station, scope: gte, version: 6.8

Trust: 1.0

vendor: synology, model: photo station, scope: lt, version: 6.8.14-3500

Trust: 1.0

vendor: synology, model: photo station, scope: eq, version: -

Trust: 0.8

vendor: synology, model: photo station, scope: eq, version: 6.8.14-3500

Trust: 0.8

sources: JVNDB: JVNDB-2021-007554 // NVD: CVE-2021-29092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-29092
value: HIGH

Trust: 1.0

security@synology.com: CVE-2021-29092
value: HIGH

Trust: 1.0

NVD: CVE-2021-29092
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202106-061
value: HIGH

Trust: 0.6

VULHUB: VHN-388632
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-29092
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-388632
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-29092
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-007554
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-388632 // JVNDB: JVNDB-2021-007554 // CNNVD: CNNVD-202106-061 // NVD: CVE-2021-29092 // NVD: CVE-2021-29092

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.1

problemtype:Unlimited upload of dangerous types of files (CWE-434) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-388632 // JVNDB: JVNDB-2021-007554 // NVD: CVE-2021-29092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-061

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202106-061

PATCH

title: Synology-SA-20, url: https://www.synology.com/ja-jp/security/advisory/Synology_SA_20_20

Trust: 0.8

title: Synology Photo Station Fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153079

Trust: 0.6

sources: JVNDB: JVNDB-2021-007554 // CNNVD: CNNVD-202106-061

EXTERNAL IDS

db: NVD, id: CVE-2021-29092

Trust: 3.3

db: JVNDB, id: JVNDB-2021-007554

Trust: 0.8

db: CNNVD, id: CNNVD-202106-061

Trust: 0.6

db: VULHUB, id: VHN-388632

Trust: 0.1

sources: VULHUB: VHN-388632 // JVNDB: JVNDB-2021-007554 // CNNVD: CNNVD-202106-061 // NVD: CVE-2021-29092

REFERENCES

url:https://www.synology.com/security/advisory/synology_sa_20_20

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-29092

Trust: 0.8

sources: VULHUB: VHN-388632 // JVNDB: JVNDB-2021-007554 // CNNVD: CNNVD-202106-061 // NVD: CVE-2021-29092

SOURCES

db: VULHUB, id: VHN-388632
db: JVNDB, id: JVNDB-2021-007554
db: CNNVD, id: CNNVD-202106-061
db: NVD, id: CVE-2021-29092

LAST UPDATE DATE

2024-08-14T15:11:54.955000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-388632, date: 2021-06-09T00:00:00
db: JVNDB, id: JVNDB-2021-007554, date: 2022-02-15T08:56:00
db: CNNVD, id: CNNVD-202106-061, date: 2021-06-10T00:00:00
db: NVD, id: CVE-2021-29092, date: 2021-06-09T18:29:06.127

SOURCES RELEASE DATE

db: VULHUB, id: VHN-388632, date: 2021-06-01T00:00:00
db: JVNDB, id: JVNDB-2021-007554, date: 2022-02-15T00:00:00
db: CNNVD, id: CNNVD-202106-061, date: 2021-06-01T00:00:00
db: NVD, id: CVE-2021-29092, date: 2021-06-01T14:15:09.807