CVE-2021-26566

CVSS 8.3 HIGH | EPSS 1.4% | CWE-201
In short

A flaw in Synology DiskStation Manager allows an attacker positioned on the network path to intercept QuickConnect traffic and run arbitrary commands on the device. The cause is that sensitive information is sent without adequate protection, so someone sitting between the device and the relay server can tamper with the exchange and take control.

Technical detail

A man-in-the-middle vulnerability in the synorelayd component of DSM versions before 6.2.3-25426-3 permits unauthenticated remote code execution through interception of inbound QuickConnect traffic. The vulnerability stems from insertion of sensitive information into sent data without proper encryption, which lets a network-positioned attacker inject commands.

Summary generated and translated by AI from the official description.
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
