PT-2021-17043 · Synology · Synology Diskstation Manager

Claudio Bozzato · Published 2021-02-26 · Updated 2025-01-14 · CVE-2021-26565

CVSS v3.1: 8.3 High

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-3

Description: The issue concerns the cleartext transmission of sensitive information in the synorelayd component of Synology DiskStation Manager (DSM). This allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.

Recommendations: For versions prior to 6.2.3-25426-3, update to version 6.2.3-25426-3 or later to resolve the issue. As a temporary workaround, consider restricting access to the synorelayd component to minimize the risk of exploitation.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2021-26565

Affected Products

Synology Diskstation Manager