Vulnerability Description
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synology | Diskstation Manager | >= 6.2, < 6.2.3-25426-3 |
| Synology | Diskstation Manager Unified Controller | < 3.1-23033 |
Related Weaknesses (CWE)
References
- https://www.synology.com/security/advisory/Synology_SA_20_26Vendor Advisory
- https://www.synology.com/security/advisory/Synology_SA_20_26Vendor Advisory
FAQ
What is CVE-2021-27649?
CVE-2021-27649 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
How severe is CVE-2021-27649?
CVE-2021-27649 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-27649?
Check the references section above for vendor advisories and patch information. Affected products include: Synology Diskstation Manager, Synology Diskstation Manager Unified Controller.