Synology-SA-21:04 Video Station

Publish Time: 2021-02-23 09:17:09 UTC+8

Last Updated: 2021-06-10 16:25:07 UTC+8

Severity: Moderate

Status: Resolved

Abstract

A vulnerability allows remote authenticated users to access intranet resources via a susceptible version of Video Station.

Affected Products

Product       | Severity | Fixed Release Availability
Video Station | Moderate | Upgrade to 2.4.10-1632 or above.

Mitigation

None

Detail

  • CVE-2021-33181
    • Severity: Moderate
    • CVSS3 Base Score: 6.6
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
    • Server-Side Request Forgery (SSRF) vulnerability in the webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary requests to intranet resources via unspecified vectors.

Acknowledgement

Bing-Jhong Jheng

Reference

CVE-2021-33181

Revision

Revision | Date       | Description
1        | 2021-02-23 | Initial public release.
2        | 2021-06-10 | Disclose vulnerability details.