Synology-SA-21:10 Media Server

Publish Time: 2021-03-09 08:27:59 UTC+8

Last Updated: 2021-06-19 10:55:28 UTC+8

Abstract

A vulnerability allows remote attackers to access intranet resources via a susceptible version of Media Server.

Affected Products

Product	Severity	Fixed Release Availability
Media Server	Moderate	Upgrade to 1.8.3-2881 or above.

Mitigation

None

Detail

CVE-2021-34808
- Severity: Moderate
- CVSS3 Base Score: 5.8
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
- Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.

Acknowledgement

DVECORE

Reference

CVE-2021-34808

Revision

Revision	Date	Description
1	2021-03-09	Initial public release.
2	2021-06-19	Disclosed vulnerability details.