VAR-202106-1225
Vulnerability from variot - Updated: 2024-08-14 15:01Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks. Versions earlier than Synology Download Station 3.8.16-3566 have a security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1225",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "download station",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.16-3566"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "3.8.16-3566"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
}
]
},
"cve": "CVE-2021-34810",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-34810",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-395054",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34810",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security@synology.com",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"id": "CVE-2021-34810",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-34810",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34810",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@synology.com",
"id": "CVE-2021-34810",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-34810",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-1395",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-395054",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395054"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks. Versions earlier than Synology Download Station 3.8.16-3566 have a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34810"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "VULHUB",
"id": "VHN-395054"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34810",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1395",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-395054",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395054"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
}
]
},
"id": "VAR-202106-1225",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-395054"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:01:27.314000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-21",
"trust": 0.8,
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
},
{
"title": "Synology Download Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155312"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "Improper authority management (CWE-269) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395054"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/security/advisory/synology_sa_21_11"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34810"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395054"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-395054"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-395054"
},
{
"date": "2022-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"date": "2021-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1395"
},
{
"date": "2021-06-18T03:15:06.873000",
"db": "NVD",
"id": "CVE-2021-34810"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-395054"
},
{
"date": "2022-03-11T08:51:00",
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"date": "2021-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1395"
},
{
"date": "2021-06-24T02:23:19.463000",
"db": "NVD",
"id": "CVE-2021-34810"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology\u00a0Download\u00a0Station\u00a0 Vulnerability in privilege management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…