CVE-2021-29086 MEDIUM

CVE-2021-29086

Vendor Synology

Product DiskStation Manager (DSM)

Weakness CWE-200 · Info exposure

Published June 23, 2021

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.

Key dates

02Disclosure timeline

June 23, 2021 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-29086

Related vulnerabilities

04Related CVE

CVE-2023-1562 Full name revealed via /plugins/focalboard/api/v2/users CVE-2024-13562 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2024-47771 Element Desktop vulnerable to potential exposure of access token via authenticated media CVE-2025-49177 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode CVE-2025-1606 SourceCodester Best Employee Management System backups.php information disclosure

Identifiers

CVE CVE-2021-29086

CWE CWE-200

CVSS 5.3 / MEDIUM

Affected versions

Vendor Synology

Product DiskStation Manager (DSM)

Affected ≥ unspecified and < 6.2.3-25426-3