CyberSec.Space Logo
Back to CVE Browser

CVE-2021-26569

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1790%
EPSS Percentile26.16th
PublishedMar 12, 2021
Last ModifiedJan 14, 2025

Vulnerability Description

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

Affected Platforms (CPE)

πŸ’»
Synology

Diskstation Manager

< 6.2.3-25426-3

References & Advisories

πŸ”— https://www.synology.com/security/advisory/Synology_SA_20_26
πŸ”— https://www.zerodayinitiative.com/advisories/ZDI-21-338/
πŸ”— https://www.synology.com/security/advisory/Synology_SA_20_26
πŸ”— https://www.zerodayinitiative.com/advisories/ZDI-21-338/

Related Vulnerabilities

CVE-2013-695510.0

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 U...

CVE-2021-276499.8

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows...

CVE-2021-276469.8

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote ...

CVE-2021-276479.8

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows rem...