PT-2021-17039 · Synology · Synology DiskStation Manager

Author: Claudio Bozzato (+1)
Published: 2021-02-26
Updated: 2025-01-14
CVE: CVE-2021-26561
CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-3

Description: A stack-based buffer overflow allows man-in-the-middle attackers to execute arbitrary code via the syno finder site HTTP header. This enables attackers to potentially compromise the system.

Recommendations: For versions prior to 6.2.3-25426-3, update to version 6.2.3-25426-3 or later to resolve the issue. As a temporary workaround, consider restricting access to the synoagentregisterd service to minimize the risk of exploitation. Avoid using the syno finder site HTTP header in sensitive operations until the issue is resolved.
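The affected range above is "prior to 6.2.3-25426-3", which is a build/update comparison rather than a plain dotted version. The following added example (not part of this advisory and not Synology code) parses DSM version strings under the assumed layout major.minor[.patch]-build[-update] and flags inventory entries that still fall in the affected range; the hostnames and version strings in the sample inventory are constructed.

```python
import re
from typing import List, Optional, Tuple

# Fixed version taken from the advisory text.
FIXED_VERSION = "6.2.3-25426-3"

# Assumed DSM version layout: major.minor[.patch]-build[-update]
# e.g. "6.2.3-25426-3" or "7.0-41222". Missing patch/update count as 0.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?-(\d+)(?:-(\d+))?$")


def parse_dsm_version(version: str) -> Tuple[int, int, int, int, int]:
    """Turn a DSM version string into a comparable tuple."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised DSM version string: {version!r}")
    major, minor, patch, build, update = m.groups()
    return (int(major), int(minor), int(patch or 0), int(build), int(update or 0))


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` sorts before the fixed version (i.e. still vulnerable)."""
    return parse_dsm_version(version) < parse_dsm_version(fixed)


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, Optional[bool]]]:
    """Return (host, version, affected) per record.

    `affected` is None when the version string cannot be parsed, so a
    malformed inventory entry is surfaced for manual follow-up rather
    than silently treated as patched.
    """
    result = []
    for host, version in inventory:
        try:
            result.append((host, version, is_affected(version)))
        except ValueError:
            result.append((host, version, None))
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    SAMPLE_INVENTORY = [
        ("nas-finance", "6.2.3-25426"),    # base build, no update suffix
        ("nas-backup", "6.2.3-25426-2"),   # update 2, still prior to update 3
        ("nas-media", "6.2.3-25426-3"),    # exactly the fixed version
        ("nas-lab", "7.0-41222"),          # newer major line, no patch component
        ("nas-legacy", "unknown"),         # unparsable, needs manual review
    ]
    for host, version, affected in triage(SAMPLE_INVENTORY):
        status = {True: "AFFECTED - update to 6.2.3-25426-3 or later",
                  False: "not affected",
                  None: "version unknown - review manually"}[affected]
        print(f"{host:12} {version:14} {status}")
```

Tuple comparison gives the ordering the advisory implies: the same build without an update suffix, or with an update number below 3, is still affected, while a later patch, build, or major line is not.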

Tags: Exploit · Fix · Buffer Overflow · Stack Overflow

Weakness Enumeration

Related Identifiers: CVE-2021-26561

Affected Products: Synology DiskStation Manager