PT-2021-20664 · Synology · Synology Download Station

Published

2021-06-18

Updated

2021-06-24

CVE-2021-34809

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Synology Download Station versions prior to 3.8.16-3566

Description: The issue is related to improper neutralization of special elements used in a command, allowing remote authenticated users to execute arbitrary code.

Recommendations: For versions prior to 3.8.16-3566, update to version 3.8.16-3566 or later to resolve the issue.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2021-34809

Affected Products

Synology Download Station

PT-2021-20664 · Synology · Synology Download Station

CVE-2021-34809

Weakness Enumeration

Related Identifiers

Affected Products

References · 3