Vulnerability Details CVE-2021-29091
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.9%
CVSS Severity
CVSS v3 Score 7.7
CVSS v2 Score 4.0
References
Products affected by CVE-2021-29091
-
cpe:2.3:a:synology:photo_station:6.8
-
cpe:2.3:a:synology:photo_station:6.8.0-3456
-
cpe:2.3:a:synology:photo_station:6.8.1-3458
-
cpe:2.3:a:synology:photo_station:6.8.10-3487
-
cpe:2.3:a:synology:photo_station:6.8.11-3489
-
cpe:2.3:a:synology:photo_station:6.8.12-3496
-
cpe:2.3:a:synology:photo_station:6.8.13-3499
-
cpe:2.3:a:synology:photo_station:6.8.2-3461
-
cpe:2.3:a:synology:photo_station:6.8.3-3463
-
cpe:2.3:a:synology:photo_station:6.8.4-3468
-
cpe:2.3:a:synology:photo_station:6.8.5-3471
-
cpe:2.3:a:synology:photo_station:6.8.6-3479
-
cpe:2.3:a:synology:photo_station:6.8.7-3481
-
cpe:2.3:a:synology:photo_station:6.8.8-3482
-
cpe:2.3:a:synology:photo_station:6.8.9-3483