CVE-2021-29084

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager versions prior to 6.2.3-25426-3

Description: The issue is related to improper neutralization of special elements in output used by a downstream component, also known as an 'Injection' vulnerability, in the Security Advisor report management component. This allows remote attackers to read arbitrary files via unspecified vectors.

Recommendations: For versions prior to 6.2.3-25426-3, update to version 6.2.3-25426-3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Security Advisor report management component to minimize the risk of exploitation.