Synology-SA-21:10 Media Server

Publish Time: 2021-03-09 08:27:59 UTC+8

Last Updated: 2021-06-19 10:55:28 UTC+8

Severity
Moderate
Status
Resolved

Abstract

A vulnerability allows remote attackers to access intranet resources via a susceptible version of Media Server.

Affected Products

Product Severity Fixed Release Availability
Media Server Moderate Upgrade to 1.8.3-2881 or above.

Mitigation

None

Detail

  • CVE-2021-34808
    • Severity: Moderate
    • CVSS3 Base Score: 5.8
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
    • Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.

Acknowledgement

DVECORE

Reference

CVE-2021-34808

Revision

Revision Date Description
1 2021-03-09 Initial public release.
2 2021-06-19 Disclosed vulnerability details.