CVE-2021-26563 — Incorrect Authorization in Synology Diskstation Manager

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

6.7MEDIUMNVD

CNA8.2

EPSS

0.1%

top 69.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Diskstation Manager Synology Diskstation Manager Unified Controller

Timeline

PublishedFeb 26

Latest updateMay 24

Description

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5synology/diskstation_managerunspecified — 6.2.4-25553

▶NVDsynology/diskstation_manager< 6.2.4-25553

▶NVDsynology/diskstation_manager_unified_controller3.0

🔴Vulnerability Details

GHSA

GHSA-ppq5-6h29-8hm2: Improper access control vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6↗2022-05-24

▶

CVEList

CVE-2021-26563: Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6↗2021-02-26

▶