CVE-2021-29085

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-3

Description: The issue is related to the improper neutralization of special elements in output used by a downstream component, also known as an 'Injection' vulnerability, in the file sharing management component. This allows remote attackers to read arbitrary files via unspecified vectors.

Recommendations: For versions prior to 6.2.3-25426-3, update to version 6.2.3-25426-3 or later to resolve the issue. As a temporary workaround, consider restricting access to the file sharing management component to minimize the risk of exploitation.