Platform: synology
Component: download-station
Fixed in: 3.8.16-3566
CVE-2021-34810 describes a critical improper privilege management vulnerability affecting the cgi component of Synology Download Station. This flaw allows remote, authenticated users to execute arbitrary code, potentially leading to complete system compromise. The vulnerability impacts versions of Download Station prior to 3.8.16-3566, primarily affecting Synology Network Attached Storage (NAS) devices.
An attacker exploiting this vulnerability could gain complete control over the affected Synology NAS device. This includes the ability to execute arbitrary commands, access sensitive data stored on the device, and potentially pivot to other systems on the network. The impact is particularly severe due to the potential for remote code execution without requiring further authentication beyond initial access. Successful exploitation could lead to data breaches, ransomware deployment, and disruption of critical services. The scope of the impact extends beyond the NAS device itself, potentially affecting any systems accessible from it.
CVE-2021-34810 has been publicly disclosed and is considered a high-priority vulnerability. While no public exploits have been widely reported, the CRITICAL severity and ease of exploitation suggest a high probability of active exploitation. The vulnerability is not currently listed on CISA KEV, but its severity warrants close monitoring. Public proof-of-concept code is likely to emerge, increasing the risk of widespread exploitation.
Organizations and individuals using Synology NAS devices with Download Station installed, particularly those running older versions (≤3.8.16-3566), are at significant risk. Shared hosting environments utilizing Synology NAS devices are also vulnerable, as are users with legacy configurations that haven't been regularly updated.
• linux / server:
journalctl -u synodownloadstation | grep -i "error"
• generic web:
curl -I http://<nas_ip>/webman/index.html | grep -i "synology"
Exploit Status
EPSS
1.11% (percentile 78%)
CVSS Vector
The primary mitigation for CVE-2021-34810 is to immediately upgrade Synology Download Station to version 3.8.16-3566 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider restricting access to the Download Station service to trusted users only. Implement strong authentication measures, such as multi-factor authentication, to limit the potential for unauthorized access. While a WAF might offer some protection, it is not a substitute for patching. Synology has not released specific detection signatures, but monitoring for unusual process execution or network activity originating from the Download Station service is recommended.
Update Synology Download Station to version 3.8.16-3566 or later. This update fixes a privilege management vulnerability that allows remote code execution.
CVE-2021-34810 is a critical remote code execution vulnerability in Synology Download Station versions prior to 3.8.16-3566, allowing authenticated users to execute arbitrary code.
You are affected if you are running Synology Download Station version 3.8.16-3566 or earlier. Check your version and upgrade immediately.
Upgrade Synology Download Station to version 3.8.16-3566 or later. Refer to Synology's official advisory for detailed upgrade instructions.
While no widespread exploitation has been confirmed, the CRITICAL severity and ease of exploitation suggest a high probability of active exploitation. Monitor your systems closely.
Refer to the Synology Security Advisory: https://www.synology.com/en-global/security/advisory/CVE-2021-34810