CVE-2021-29092

8.8 HIGH

📋 TL;DR

This vulnerability allows remote authenticated users to upload malicious files to Synology Photo Station, which can lead to arbitrary code execution. Attackers with valid credentials can exploit this to take control of affected systems. Only Synology Photo Station installations before version 6.8.14-3500 are affected.

💻 Affected Systems

Products:
  • Synology Photo Station
Versions: All versions before 6.8.14-3500
Operating Systems: Synology DiskStation Manager (DSM)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to Photo Station. Default installations with Photo Station enabled are vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attackers to execute arbitrary code, steal data, install persistent backdoors, or pivot to other network resources.

🟠

Likely Case

Remote code execution leading to data theft, service disruption, or ransomware deployment on the affected Photo Station instance.

🟢

If Mitigated

Limited impact with proper network segmentation and file upload restrictions, potentially only affecting the Photo Station application.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained. The advisory's 'unspecified vectors' wording suggests more than one exploitation path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.8.14-3500 or later

Vendor Advisory: https://www.synology.com/security/advisory/Synology_SA_20_20

Restart Required: Yes

Instructions:

1. Log into DSM as administrator.
2. Open Package Center.
3. Find Photo Station.
4. Click 'Update' if available.
5. Alternatively, download version 6.8.14-3500 or later from the Synology website and install it manually.
6. Restart the Photo Station service.

🔧 Temporary Workarounds

Disable Photo Station (platform: linux)

Temporarily disable the Photo Station package until patching is possible:

ssh admin@synology-nas
sudo synopkg stop PhotoStation
sudo synopkg uninstall PhotoStation

Restrict file uploads (platform: all)

Configure the web server to block dangerous file types.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Photo Station from critical systems
  • Enforce strong authentication policies and monitor for suspicious login attempts

🔍 How to Verify

Check if Vulnerable:

Check the Photo Station version in DSM Package Center or via SSH: synopkg version PhotoStation

Check Version:

synopkg version PhotoStation

Verify Fix Applied:

Confirm the version is 6.8.14-3500 or higher in Package Center.
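The version check above, as an added example that is not part of the advisory: it compares the installed Photo Station version against 6.8.14-3500 component by component (a plain string compare would rank 6.8.9 above 6.8.14). It assumes `synopkg version PhotoStation` prints just the version string, as this page states; the fallback value 6.8.13-3492 is a constructed sample for running it off the NAS.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether an installed Photo Station
# version string (MAJOR.MINOR.PATCH-BUILD, as in 6.8.14-3500) is at or above the
# fixed release. Assumes `synopkg version PhotoStation` prints just that string.
FIXED_VERSION="6.8.14-3500"

# version_ge HAVE NEED: exit 0 when HAVE >= NEED, comparing each of the four
# numeric components in turn; missing components count as 0.
version_ge() {
    awk -v have="$1" -v need="$2" 'BEGIN {
        nh = split(have, h, "[.-]"); nn = split(need, n, "[.-]")
        for (i = 1; i <= 4; i++) {
            a = (i <= nh) ? h[i] + 0 : 0
            b = (i <= nn) ? n[i] + 0 : 0
            if (a > b) exit 0
            if (a < b) exit 1
        }
        exit 0
    }'
}

# photostation_status VERSION: prints "fixed" or "vulnerable" for CVE-2021-29092.
photostation_status() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# On the NAS, read the live version; elsewhere fall back to a constructed sample
# so the script can be exercised off-box.
main() {
    if command -v synopkg >/dev/null 2>&1; then
        installed="$(synopkg version PhotoStation)"
    else
        installed="${1:-6.8.13-3492}"   # constructed sample value
    fi
    printf 'Photo Station %s: %s\n' "$installed" "$(photostation_status "$installed")"
}

main "$@"
```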

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to Photo Station
  • Suspicious authentication attempts
  • Execution of unexpected processes from Photo Station directory

Network Indicators:

  • Unusual outbound connections from Synology NAS
  • Traffic to Photo Station upload endpoints from unexpected sources

SIEM Query:

source="synology" AND (event="file_upload" OR event="package_update") AND app="PhotoStation"
