CVE-2021-26561

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Feb 26, 2021

Updated: Jan 14, 2025

CWE ID 119

CWE ID 121

Summary

CVE-2021-26561 is a stack-based buffer overflow vulnerability affecting Synology DiskStation Manager (DSM) before version 6.2.3-25426-3. Malicious actors can exploit this issue during man-in-the-middle attacks, allowing them to execute arbitrary code by manipulating the syno_finder_site HTTP header in synoagentregisterd. This weakness poses a significant risk, potentially leading to unauthorized system access and data breaches. System administrators are strongly encouraged to upgrade their DSM installations to the latest version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

DiskStation Manager
Synology Diskstation Manager Unified Controller

Affected Vendors

Synology

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners