CVE-2021-43928
CRITICALSynology Mail Station <20211105-10315 - Command Injection
Title source: llmDescription
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.synology.com/security/advisory/Synology_SA_21_28
Scores
CVSS v3
9.9
EPSS
0.0106
EPSS Percentile
77.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
synology/mail_station
< 20211105
Published
Feb 07, 2022
Tracked Since
Feb 18, 2026