ID

VAR-202106-1225


CVE

CVE-2021-34810


TITLE

Synology Download Station Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2021-008293

DESCRIPTION

Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station contains a privilege management vulnerability. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks. Versions earlier than Synology Download Station 3.8.16-3566 have a security vulnerability.

Trust: 1.71

sources: NVD: CVE-2021-34810 // JVNDB: JVNDB-2021-008293 // VULHUB: VHN-395054

AFFECTED PRODUCTS

vendor: synology, model: download station, scope: lt, version: 3.8.16-3566

Trust: 1.0

vendor: synology, model: download station, scope: eq, version: 3.8.16-3566

Trust: 0.8

vendor: synology, model: download station, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-008293 // NVD: CVE-2021-34810

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34810
value: HIGH

Trust: 1.0

security@synology.com: CVE-2021-34810
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-34810
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202106-1395
value: HIGH

Trust: 0.6

VULHUB: VHN-395054
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34810
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-395054
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34810
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security@synology.com: CVE-2021-34810
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-34810
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-395054 // JVNDB: JVNDB-2021-008293 // CNNVD: CNNVD-202106-1395 // NVD: CVE-2021-34810 // NVD: CVE-2021-34810

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:Improper authority management (CWE-269) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-395054 // JVNDB: JVNDB-2021-008293 // NVD: CVE-2021-34810

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1395

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-1395

PATCH

title: Synology-SA-21, url: https://www.synology.com/security/advisory/Synology_SA_21_11

Trust: 0.8

title: Synology Download Station Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155312

Trust: 0.6

sources: JVNDB: JVNDB-2021-008293 // CNNVD: CNNVD-202106-1395

EXTERNAL IDS

db: NVD, id: CVE-2021-34810

Trust: 3.3

db: JVNDB, id: JVNDB-2021-008293

Trust: 0.8

db: CNNVD, id: CNNVD-202106-1395

Trust: 0.6

db: VULHUB, id: VHN-395054

Trust: 0.1

sources: VULHUB: VHN-395054 // JVNDB: JVNDB-2021-008293 // CNNVD: CNNVD-202106-1395 // NVD: CVE-2021-34810

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_21_11

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-34810

Trust: 1.4

sources: VULHUB: VHN-395054 // JVNDB: JVNDB-2021-008293 // CNNVD: CNNVD-202106-1395 // NVD: CVE-2021-34810

SOURCES

db: VULHUB, id: VHN-395054
db: JVNDB, id: JVNDB-2021-008293
db: CNNVD, id: CNNVD-202106-1395
db: NVD, id: CVE-2021-34810

LAST UPDATE DATE

2024-08-14T15:01:27.314000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-395054, date: 2021-06-24T00:00:00
db: JVNDB, id: JVNDB-2021-008293, date: 2022-03-11T08:51:00
db: CNNVD, id: CNNVD-202106-1395, date: 2021-06-28T00:00:00
db: NVD, id: CVE-2021-34810, date: 2021-06-24T02:23:19.463

SOURCES RELEASE DATE

db: VULHUB, id: VHN-395054, date: 2021-06-18T00:00:00
db: JVNDB, id: JVNDB-2021-008293, date: 2022-03-11T00:00:00
db: CNNVD, id: CNNVD-202106-1395, date: 2021-06-17T00:00:00
db: NVD, id: CVE-2021-34810, date: 2021-06-18T03:15:06.873