CVE-2021-29083

Summary

Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.

Affected Software

VendorProductVersion RangeStatus
SynologySynology DiskStation Manager (DSM)unspecified < 6.2.3-25426-3affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

References