CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-27646

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0150%
EPSS Percentile36.62th
Published2021年3月12日
Last Modified2025年1月14日

Vulnerability Description

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

Affected Platforms (CPE)

💻
Synology

Diskstation Manager

< 6.2.3-25426-3

References & Advisories

🔗 https://www.synology.com/security/advisory/Synology_SA_20_26
🔗 https://www.zerodayinitiative.com/advisories/ZDI-21-339/
🔗 https://www.zerodayinitiative.com/advisories/ZDI-21-340/
🔗 https://www.synology.com/security/advisory/Synology_SA_20_26
🔗 https://www.zerodayinitiative.com/advisories/ZDI-21-339/
🔗 https://www.zerodayinitiative.com/advisories/ZDI-21-340/

相关漏洞威胁

CVE-2013-695510.0

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 U...

CVE-2021-276499.8

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows...

CVE-2021-265699.8

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-...

CVE-2021-276479.8

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows rem...