VAR-202106-1170
Vulnerability from variot - Updated: 2023-12-18 14:00Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. Synology Download Station Contains a server-side request forgery vulnerability.Information may be obtained. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1170",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "download station",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.15-3563"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "3.8.15-3563"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.8.15-3563",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33184"
}
]
},
"cve": "CVE-2021-33184",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-33184",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-393198",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.7,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-007585",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-33184",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security@synology.com",
"id": "CVE-2021-33184",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-073",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-393198",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-33184",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393198"
},
{
"db": "VULMON",
"id": "CVE-2021-33184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. Synology Download Station Contains a server-side request forgery vulnerability.Information may be obtained. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "VULHUB",
"id": "VHN-393198"
},
{
"db": "VULMON",
"id": "CVE-2021-33184"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33184",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-073",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-393198",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33184",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393198"
},
{
"db": "VULMON",
"id": "CVE-2021-33184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"id": "VAR-202106-1170",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393198"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:00:09.265000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-20",
"trust": 0.8,
"url": "https://www.synology.com/security/advisory/synology_sa_20_23"
},
{
"title": "Synology Download Station Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=153083"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.1
},
{
"problemtype": "Server-side request forgery (CWE-918) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393198"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.synology.com/security/advisory/synology_sa_20_23"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33184"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/918.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393198"
},
{
"db": "VULMON",
"id": "CVE-2021-33184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393198"
},
{
"db": "VULMON",
"id": "CVE-2021-33184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-01T00:00:00",
"db": "VULHUB",
"id": "VHN-393198"
},
{
"date": "2021-06-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33184"
},
{
"date": "2022-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"date": "2021-06-01T14:15:10.220000",
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"date": "2021-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-393198"
},
{
"date": "2021-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33184"
},
{
"date": "2022-02-17T06:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"date": "2021-06-10T15:41:04.837000",
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"date": "2021-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology\u00a0Download\u00a0Station\u00a0 Server-side Request Forgery Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…