CVE-2021-33182Path Traversal in Synology Diskstation Manager

CWE-22Path Traversal3 documents3 sources
Severity
4.3MEDIUMNVD
CNA5.0
EPSS
0.2%
top 63.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Diskstation ManagerSynology Diskstation Manager
Timeline
PublishedJun 1
Latest updateMay 24

Description

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDsynology/diskstation_manager< 6.2.4-25553
CVEListV5synology/synology_diskstation_managerunspecified6.2.4-25553

🔴Vulnerability Details

2
GHSA
GHSA-r945-qf65-4pr8: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (2022-05-24
CVEList
CVE-2021-33182: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (2021-06-01
CVE-2021-33182 — Path Traversal in Synology | cvebase