CVE-2021-29088: Path Traversal
First published: Tue May 18 2021(Updated: )
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology DiskStation Manager | <6.2.4-25553 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-29088.
What is the severity level of CVE-2021-29088?
The severity level of CVE-2021-29088 is high with a score of 7.8.
What is the affected software for CVE-2021-29088?
The affected software for CVE-2021-29088 is Synology DiskStation Manager (DSM) before 6.2.4-25553.
What is the CWE ID for CVE-2021-29088?
The CWE ID for CVE-2021-29088 is CWE-22.
How can I fix CVE-2021-29088?
To fix CVE-2021-29088, it is recommended to update Synology DiskStation Manager to version 6.2.4-25553 or later.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/synology
- canonical/synology diskstation manager