CVE-2021-29091Path Traversal in Synology Photo Station

CWE-22Path Traversal3 documents3 sources
Severity
6.5MEDIUMNVD
CNA7.7
EPSS
0.2%
top 57.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Photo StationSynology Photo Station
Timeline
PublishedJun 2
Latest updateMay 24

Description

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDsynology/photo_station6.86.8.14-3500
CVEListV5synology/synology_photo_stationunspecified6.8.14-3500

🔴Vulnerability Details

2
GHSA
GHSA-67j5-jjhw-3h9m: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station be2022-05-24
CVEList
CVE-2021-29091: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station be2021-06-02
CVE-2021-29091 — Path Traversal in Synology | cvebase