CVE-2021-26563

Description

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

Synology / DiskStation Manager (DSM)unspecified – 6.2.4-25553

References

MISChttps://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158
MISChttps://www.synology.com/security/advisory/Synology_SA_21_03