CVE-2021-26566

Critical

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3…

synology·CWE-201·Published 2021-02-26

CVSS

9.0

EPSS

0.01

KEV

Exploits

cve.orgen

235 chars

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.

NVDen

235 chars

NVDes

287 chars

Una vulnerabilidad de inserción de información confidencial en datos enviados en synorelayd en Synology DiskStation Manager (DSM) versiones anteriores a 6.2.3-25426-3, permite a atacantes de tipo man-in-the-middle ejecutar comandos arbitrarios por medio del tráfico entrante QuickConnect

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.0	2.2	6.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H