Vulnerability Details CVE-2021-33184
Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.7%
CVSS Severity
CVSS v3 Score 7.7
CVSS v2 Score 4.0
References
Products affected by CVE-2021-33184
-
cpe:2.3:a:synology:download_station:-
-
cpe:2.3:a:synology:download_station:3.2-2295
-
cpe:2.3:a:synology:download_station:3.3-2382
-
cpe:2.3:a:synology:download_station:3.3-2383
-
cpe:2.3:a:synology:download_station:3.3-2386
-
cpe:2.3:a:synology:download_station:3.4-2477
-
cpe:2.3:a:synology:download_station:3.4-2478
-
cpe:2.3:a:synology:download_station:3.4-2480
-
cpe:2.3:a:synology:download_station:3.4-2485
-
cpe:2.3:a:synology:download_station:3.4-2486
-
cpe:2.3:a:synology:download_station:3.4-2489
-
cpe:2.3:a:synology:download_station:3.4-2490
-
cpe:2.3:a:synology:download_station:3.4-2514
-
cpe:2.3:a:synology:download_station:3.4-2555
-
cpe:2.3:a:synology:download_station:3.4-2557
-
cpe:2.3:a:synology:download_station:3.4-2558
-
cpe:2.3:a:synology:download_station:3.5-2638
-
cpe:2.3:a:synology:download_station:3.5-2705
-
cpe:2.3:a:synology:download_station:3.5-2706
-
cpe:2.3:a:synology:download_station:3.5-2955
-
cpe:2.3:a:synology:download_station:3.5-2956
-
cpe:2.3:a:synology:download_station:3.5-2962
-
cpe:2.3:a:synology:download_station:3.5-2967
-
cpe:2.3:a:synology:download_station:3.5-2968
-
cpe:2.3:a:synology:download_station:3.5-2970
-
cpe:2.3:a:synology:download_station:3.5-2973
-
cpe:2.3:a:synology:download_station:3.5-2980
-
cpe:2.3:a:synology:download_station:3.5-2982
-
cpe:2.3:a:synology:download_station:3.8.0-3416
-
cpe:2.3:a:synology:download_station:3.8.1-3420
-
cpe:2.3:a:synology:download_station:3.8.2-3455
-
cpe:2.3:a:synology:download_station:3.8.3-3458
-
cpe:2.3:a:synology:download_station:3.8.4-3468