Platform: synology
Component: download-station
Fixed in: 3.8.16-3566
CVE-2021-34810 describes a critical improper privilege management vulnerability affecting the cgi component of Synology Download Station. This flaw allows remote, authenticated users to execute arbitrary code, potentially leading to complete system compromise. The vulnerability impacts versions of Download Station prior to 3.8.16-3566, primarily affecting Synology Network Attached Storage (NAS) devices.
An attacker exploiting this vulnerability could gain complete control over the affected Synology NAS device. This includes the ability to execute arbitrary commands, access sensitive data stored on the device, and potentially pivot to other systems on the network. The impact is particularly severe due to the potential for remote code execution without requiring further authentication beyond initial access. Successful exploitation could lead to data breaches, ransomware deployment, and disruption of critical services. The scope of the impact extends beyond the NAS device itself, potentially affecting any systems accessible from it.
CVE-2021-34810 has been publicly disclosed and is considered a high-priority vulnerability. While no public exploits have been widely reported, the CRITICAL severity and ease of exploitation suggest a high probability of active exploitation. The vulnerability is not currently listed on CISA KEV, but its severity warrants close monitoring. Public proof-of-concept code is likely to emerge, increasing the risk of widespread exploitation.
Exploit Status
EPSS: 1.11% (78th percentile)
CVSS Vector
The primary mitigation for CVE-2021-34810 is to immediately upgrade Synology Download Station to version 3.8.16-3566 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider restricting access to the Download Station service to trusted users only. Implement strong authentication measures, such as multi-factor authentication, to limit the potential for unauthorized access. While a WAF might offer some protection, it is not a substitute for patching. Synology has not released specific detection signatures, but monitoring for unusual process execution or network activity originating from the Download Station service is recommended.
Update Synology Download Station to version 3.8.16-3566 or later. This update addresses a privilege management vulnerability that allows remote code execution.
CVE-2021-34810 is a critical remote code execution vulnerability in Synology Download Station versions prior to 3.8.16-3566, allowing authenticated users to execute arbitrary code.
You are affected if you are running a Synology Download Station version earlier than 3.8.16-3566. Check your version and upgrade immediately.
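The version check described above, as an added example that is not part of the original advisory or of Synology's tooling: it parses Synology's `release-build` package version format (e.g. `3.8.16-3566`) and reports whether an installed Download Station is older than the fixed build. The INFO file layout (`key="value"` lines under `/var/packages/<pkg>/INFO`) and the sample version strings are assumptions constructed for the example.

```python
"""Decide whether an installed Synology Download Station is affected by
CVE-2021-34810 (fixed in 3.8.16-3566) by comparing package versions."""
import re
from typing import Optional, Tuple

FIXED_VERSION = "3.8.16-3566"

# Synology package versions look like "3.8.16-3566": a dotted release
# followed by a dash and a build number. The build part is optional here
# so that a bare release such as "3.8.16" still parses.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\d+))?$")


def parse_version(text: str) -> Tuple[Tuple[int, ...], int]:
    """Split "3.8.16-3566" into ((3, 8, 16), 3566). A missing build number
    counts as 0 so it sorts before any real build of the same release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Synology version string: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    build = int(m.group(2)) if m.group(2) else 0
    return release, build


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fix.
    Tuple comparison handles releases of different length (3.8 < 3.8.16)."""
    return parse_version(installed) < parse_version(fixed)


def version_from_info(info_text: str) -> Optional[str]:
    """Pull version="..." out of package INFO text. Assumed format: one
    shell-style key="value" pair per line (hypothetical, not verified
    against a device)."""
    for line in info_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "version":
            return value.strip().strip('"')
    return None


# Constructed sample INFO contents; the version number is made up.
SAMPLE_INFO = '''package="DownloadStation"
version="3.8.15-3563"
displayname="Download Station"
'''

if __name__ == "__main__":
    installed = version_from_info(SAMPLE_INFO)
    status = "AFFECTED" if installed and is_affected(installed) else "not affected"
    print(f"Download Station {installed}: {status} (fixed in {FIXED_VERSION})")
```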
Upgrade Synology Download Station to version 3.8.16-3566 or later. Refer to Synology's official advisory for detailed upgrade instructions.
While no widespread exploitation has been confirmed, the CRITICAL severity and ease of exploitation suggest a high probability of active exploitation. Monitor your systems closely.
Refer to the Synology Security Advisory: https://www.synology.com/en-global/security/advisory/CVE-2021-34810