Vulnerability Description
Emby Server is a personal media server with apps on many devices. Emby Server on Windows contains a set of arbitrary file read vulnerabilities. The issue is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are `/Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer`, `/Images/Ratings/theme/name` and `/Images/MediaInfo/theme/name`. For more details, including proof of concept code, refer to the referenced GHSL-2021-051. This issue may lead to unauthorized access to the system, especially when Emby Server is configured to be accessible from the Internet.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emby | Emby.Releases | <= 4.6.4.0 |
Related Weaknesses (CWE)
References
- https://securitylab.github.com/advisories/GHSL-2021-051-emby/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-32833?
CVE-2021-32833 is a vulnerability with a CVSS score of 8.6 (HIGH). Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4...
How severe is CVE-2021-32833?
CVE-2021-32833 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-32833?
Check the references section above for vendor advisories and patch information. Affected products include: Emby Emby.Releases.