CVE-2021-26569

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Mar 12, 2021

Updated: Jan 14, 2025

CWE ID 366

CWE ID 362

Summary

CVE-2021-26569 is a race condition vulnerability affecting Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-3. This issue resides within the iscsi_snapshot_comm_core functionality. An attacker can exploit this flaw by sending crafted web requests, allowing them to execute arbitrary code remotely. This vulnerability could potentially lead to significant security risks if not addressed promptly. Users of Synology DiskStations are advised to update their software to the latest version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

DiskStation Manager

Affected Vendors

Synology

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/gs74KH
https://www.cve.org/CVERecord?id=CVE-2021-26569
https://nvd.nist.gov/vuln/detail/CVE-2021-26569

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners