CyberSec.Space Logo
Back to CVE Browser

CVE-2021-27646

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0150%
EPSS Percentile36.62th
PublishedMar 12, 2021
Last ModifiedJan 14, 2025

Vulnerability Description

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

Affected Platforms (CPE)

πŸ’»
Synology

Diskstation Manager

< 6.2.3-25426-3

References & Advisories

πŸ”— https://www.synology.com/security/advisory/Synology_SA_20_26
πŸ”— https://www.zerodayinitiative.com/advisories/ZDI-21-339/
πŸ”— https://www.zerodayinitiative.com/advisories/ZDI-21-340/
πŸ”— https://www.synology.com/security/advisory/Synology_SA_20_26
πŸ”— https://www.zerodayinitiative.com/advisories/ZDI-21-339/
πŸ”— https://www.zerodayinitiative.com/advisories/ZDI-21-340/

Related Vulnerabilities

CVE-2013-695510.0

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 U...

CVE-2021-276499.8

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows...

CVE-2021-265699.8

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-...

CVE-2021-276479.8

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows rem...

CVE-2021-27646 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space