CVE-2021-26564

Name of the Vulnerable Software and Affected Versions Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-3

Description The issue concerns the cleartext transmission of sensitive information in the synorelayd component of Synology DiskStation Manager (DSM), allowing man-in-the-middle attackers to spoof servers via an HTTP session.

Recommendations For versions prior to 6.2.3-25426-3, update to version 6.2.3-25426-3 or later to resolve the issue. As a temporary workaround, consider restricting access to the synorelayd component to minimize the risk of exploitation.