Synology-SA-21:04 Video Station
Publish Time: 2021-02-23 09:17:09 UTC+8
Last Updated: 2021-06-10 16:25:07 UTC+8
- Severity: Moderate
- Status: Resolved
Abstract
A vulnerability allows remote authenticated users to access intranet resources via a susceptible version of Video Station.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
Video Station | Moderate | Upgrade to 2.4.10-1632 or above. |
Mitigation
None
Detail
- CVE-2021-33181
- Severity: Moderate
- CVSS3 Base Score: 6.6
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
- Server-Side Request Forgery (SSRF) vulnerability in the webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary requests to intranet resources via unspecified vectors.
Acknowledgement
Bing-Jhong Jheng
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2021-02-23 | Initial public release. |
2 | 2021-06-10 | Disclose vulnerability details. |