PT-2021-17044 · Synology · Synology DiskStation Manager

Claudio Bozzato · Published 2021-02-26 · Updated 2025-01-14 · CVE-2021-26566

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-3

Description: The issue allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic, due to the insertion of sensitive information into sent data in the synorelayd component. This can be exploited by attackers to gain unauthorized access and control.

Recommendations: For versions prior to 6.2.3-25426-3, update to version 6.2.3-25426-3 or later to resolve the issue. As a temporary workaround, consider restricting inbound QuickConnect traffic to minimize the risk of exploitation.

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2021-26566

Affected Products: Synology DiskStation Manager