CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2021-27648

CVSS 9.0v3.1pub. 2021-04-28upd. 2024-11-21

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Synology Antivirus Essential

    APP
    Synology
    < 1.4.8-2801
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-12686CRITICAL9.8PL ✓ten sam vendor

Classic Buffer Overflow w Synology BeeStation OS — zdalne wykonanie kodu

CVE-2024-45538CRITICAL9.6PL ✓ten sam vendor

CSRF umożliwiający RCE w Synology DiskStation Manager i Unified Controller

CVE-2024-10441CRITICAL9.8PL ✓ten sam vendor

RCE w Synology BeeStation OS i DSM — błąd kodowania wyjścia w systemowym daemonie

CVE-2024-10442CRITICAL10.0PL ✓ten sam vendor

RCE przez błąd off-by-one w komponencie transmisji Synology Replication Service

CVE-2024-11131CRITICAL9.8PL ✓ten sam vendor

Out-of-bounds read w firmware kamer Synology umożliwia RCE