ID

VAR-202106-1480


CVE

CVE-2021-29089


TITLE

SQL Injection vulnerability in Synology Photo Station

Trust: 0.8

sources: JVNDB: JVNDB-2021-007589

DESCRIPTION

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Synology Photo Station has an SQL injection vulnerability. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company.

Trust: 1.71

sources: NVD: CVE-2021-29089 // JVNDB: JVNDB-2021-007589 // VULHUB: VHN-388629

AFFECTED PRODUCTS

vendor: synology, model: photo station, scope: gte, version: 6.8

Trust: 1.0

vendor: synology, model: photo station, scope: lt, version: 6.8.14-3500

Trust: 1.0

vendor: synology, model: photo station, scope: eq, version: -

Trust: 0.8

vendor: synology, model: photo station, scope: eq, version: 6.8.14-3500

Trust: 0.8

sources: JVNDB: JVNDB-2021-007589 // NVD: CVE-2021-29089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-29089
value: CRITICAL

Trust: 1.0

security@synology.com: CVE-2021-29089
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-29089
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202106-114
value: CRITICAL

Trust: 0.6

VULHUB: VHN-388629
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-29089
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-388629
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-29089
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-007589
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-388629 // JVNDB: JVNDB-2021-007589 // CNNVD: CNNVD-202106-114 // NVD: CVE-2021-29089 // NVD: CVE-2021-29089

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.1

problemtype:SQL injection (CWE-89) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-388629 // JVNDB: JVNDB-2021-007589 // NVD: CVE-2021-29089

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-114

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202106-114

PATCH

title: Synology-SA-20, url: https://www.synology.com/security/advisory/Synology_SA_20_20

Trust: 0.8

title: Synology Photo Station SQL injection vulnerability repair measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152616

Trust: 0.6

sources: JVNDB: JVNDB-2021-007589 // CNNVD: CNNVD-202106-114

EXTERNAL IDS

db: NVD, id: CVE-2021-29089

Trust: 3.3

db: JVNDB, id: JVNDB-2021-007589

Trust: 0.8

db: CNNVD, id: CNNVD-202106-114

Trust: 0.6

db: VULHUB, id: VHN-388629

Trust: 0.1

sources: VULHUB: VHN-388629 // JVNDB: JVNDB-2021-007589 // CNNVD: CNNVD-202106-114 // NVD: CVE-2021-29089

REFERENCES

url:https://www.synology.com/security/advisory/synology_sa_20_20

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-29089

Trust: 1.4

sources: VULHUB: VHN-388629 // JVNDB: JVNDB-2021-007589 // CNNVD: CNNVD-202106-114 // NVD: CVE-2021-29089

SOURCES

db: VULHUB, id: VHN-388629
db: JVNDB, id: JVNDB-2021-007589
db: CNNVD, id: CNNVD-202106-114
db: NVD, id: CVE-2021-29089

LAST UPDATE DATE

2024-08-14T15:22:13.777000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-388629, date: 2021-06-10T00:00:00
db: JVNDB, id: JVNDB-2021-007589, date: 2022-02-17T06:42:00
db: CNNVD, id: CNNVD-202106-114, date: 2021-06-11T00:00:00
db: NVD, id: CVE-2021-29089, date: 2021-06-10T20:28:46.957

SOURCES RELEASE DATE

db: VULHUB, id: VHN-388629, date: 2021-06-02T00:00:00
db: JVNDB, id: JVNDB-2021-007589, date: 2022-02-17T00:00:00
db: CNNVD, id: CNNVD-202106-114, date: 2021-06-01T00:00:00
db: NVD, id: CVE-2021-29089, date: 2021-06-02T03:15:06.647