CVE-2021-26563

Name of the Vulnerable Software and Affected Versions Synology DiskStation Manager (DSM) versions prior to 6.2.4-25553

Description The issue is related to an incorrect authorization vulnerability in the synoagentregisterd component of Synology DiskStation Manager (DSM), allowing local users to execute arbitrary code via unspecified vectors. Additionally, it has been described as an improper access control vulnerability that allows local users to obtain sensitive information via a crafted kernel module.

Recommendations For versions prior to 6.2.4-25553, update to version 6.2.4-25553 or later to resolve the issue. As a temporary workaround, consider restricting access to the synoagentregisterd component until a patch is applied.