What is the severity of CVE-2021-29087?

The severity of CVE-2021-29087 is high with a severity value of 7.5.

What is CVE-2021-29087?

CVE-2021-29087 is an 'Improper limitation of a pathname to a restricted directory (Path Traversal)' vulnerability in the webapi component in Synology DiskStation Manager (DSM) before version 6.2.3-25426-3.

How does CVE-2021-29087 impact Synology DiskStation Manager?

CVE-2021-29087 allows remote attackers to write arbitrary files via unspecified vectors, posing a security risk to the affected Synology DiskStation Manager (DSM) versions.

Which versions of Synology DiskStation Manager (DSM) are affected by CVE-2021-29087?

Versions of Synology DSM before 6.2.3-25426-3, including DiskStation Manager and Diskstation Manager Unified Controller versions up to 3.1-23033, are affected by CVE-2021-29087.

How can I fix CVE-2021-29087?

To fix CVE-2021-29087, it is recommended to update Synology DiskStation Manager (DSM) to version 6.2.3-25426-3 or later by following the instructions provided by Synology in their security advisory.

Vulnerability/
CVE-2021-29087

high

7.5

CWE

23/6/2021

29/6/2021

CVE-2021-29087: Path Traversal

First published: Wed Jun 23 2021(Updated: )

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.

Credit: security@synology.com

Affected Software	Affected Version	How to fix
Synology DiskStation Manager	>=6.2<6.2.3-25426-3
Synology Diskstation Manager Unified Controller	<3.1-23033

Never miss a vulnerability like this again

Reference Links

https://www.synology.com/security/advisory/Synology_SA_20_26

Frequently Asked Questions

What is the severity of CVE-2021-29087?
The severity of CVE-2021-29087 is high with a severity value of 7.5.
What is CVE-2021-29087?
CVE-2021-29087 is an 'Improper limitation of a pathname to a restricted directory (Path Traversal)' vulnerability in the webapi component in Synology DiskStation Manager (DSM) before version 6.2.3-25426-3.
How does CVE-2021-29087 impact Synology DiskStation Manager?
CVE-2021-29087 allows remote attackers to write arbitrary files via unspecified vectors, posing a security risk to the affected Synology DiskStation Manager (DSM) versions.
Which versions of Synology DiskStation Manager (DSM) are affected by CVE-2021-29087?
Versions of Synology DSM before 6.2.3-25426-3, including DiskStation Manager and Diskstation Manager Unified Controller versions up to 3.1-23033, are affected by CVE-2021-29087.
How can I fix CVE-2021-29087?
To fix CVE-2021-29087, it is recommended to update Synology DiskStation Manager (DSM) to version 6.2.3-25426-3 or later by following the instructions provided by Synology in their security advisory.

collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/tags
agent/type
agent/description
agent/event
agent/softwarecombine
agent/last-modified-date
vendor/synology
canonical/synology diskstation manager
version/synology diskstation manager/6.2
canonical/synology diskstation manager unified controller

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.