[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":106,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":113,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":119,"vulnerability-12323":126},[4,15,22,29,36,43,50,57,62,69,74,80,85,90,96],{"title":5,"slug":6,"text":7,"link":8,"external":9,"targets":10,"cta":12,"variant":13,"campaign_id":14},"Compliance - Advanced Pentest Reporting","compliance-advanced-pentest-reporting","Prove your compliance. Get built-in validation with audit-ready reports.","https://pentest-tools.com/pricing",false,[11],"/features/advanced-pentest-reporting","Unlock audit-ready reports","primary",null,{"title":16,"slug":17,"text":18,"link":8,"external":9,"targets":19,"cta":21,"variant":13,"campaign_id":14},"Compliance - Integrations","compliance-integrations","Disconnected tools hide compliance breaches. Stay audit-ready 24/7 with the right integrations.",[20],"/features/integrations","Automate your compliance",{"title":23,"slug":24,"text":25,"link":8,"external":9,"targets":26,"cta":28,"variant":13,"campaign_id":14},"Compliance - ML Classifier","compliance-ml-classifier","Put compliance on Auto this year with 50% fewer FPs. Go deeper with the WebNetSec plan.",[27],"/features/machine-learning-classifier","Explore WebNetSec",{"title":30,"slug":31,"text":32,"link":8,"external":9,"targets":33,"cta":35,"variant":13,"campaign_id":14},"Compliance - Pentest Robots","compliance-pentest-robots","Put compliance on Auto with Pentest Robots. Available with any plan.",[34],"/features/pentest-robots","Automate continuous scans",{"title":37,"slug":38,"text":39,"link":8,"external":9,"targets":40,"cta":42,"variant":13,"campaign_id":14},"Compliance - Sniper: Auto-Exploiter","compliance-sniper-auto-exploiter","Get audit-ready proof and put compliance on Auto with our proprietary Sniper: Auto-exploiter. Available with Pentest Suite.",[41],"/exploit-helpers/sniper","Get proof with Pentest Suite",{"title":44,"slug":45,"text":46,"link":8,"external":9,"targets":47,"cta":49,"variant":13,"campaign_id":14},"Compliance - Network Scanner","compliance-network-scanner","Map your attack surface and prove infrastructure compliance with the Network Scanner. Available with any plan.",[48],"/network-vulnerability-scanning/network-security-scanner-online","Upgrade your plan",{"title":51,"slug":52,"text":53,"link":8,"external":9,"targets":54,"cta":56,"variant":13,"campaign_id":14},"Compliance - Website Scanner","compliance-website-scanner","Prove real risk instantly and put compliance on Auto with the Website Scanner. Available with the WebNetSec plan.",[55],"/website-vulnerability-scanning/website-scanner","Unlock AppSec compliance",{"title":58,"slug":59,"text":60,"link":8,"external":9,"targets":61,"cta":12,"variant":13,"campaign_id":14},"Compliance - Advanced Pentest Reporting (A-B test)","compliance-advanced-pentest-reporting-1","Stop piecing together reports manually. Upgrade today to unlock instant proof for audits.",[11],{"title":63,"slug":64,"text":65,"link":8,"external":9,"targets":66,"cta":67,"variant":68,"campaign_id":14},"Compliance - Integrations (A-B test)","compliance-integrations-1","Disconnected tools will fail your next audit. Unlock the integrations needed for compliance.",[20],"Connect your stack","secondary",{"title":70,"slug":71,"text":72,"link":8,"external":9,"targets":73,"cta":28,"variant":13,"campaign_id":14},"Compliance - ML Classifier (A-B test)","compliance-ml-classifier-1","Ghost vulnerabilities drain time and chip your compliance. Upgrade to WebNetSec to stay audit-ready with 50% fewer FPs.",[27],{"title":75,"slug":76,"text":77,"link":8,"external":9,"targets":78,"cta":79,"variant":13,"campaign_id":14},"Compliance - Network Scanner (A-B test)","compliance-network-scanner-1","Unmapped assets are compliance landmines - upgrade your plan with complete attack surface visibility.",[48],"Get deep network scans",{"title":81,"slug":82,"text":83,"link":8,"external":9,"targets":84,"cta":35,"variant":13,"campaign_id":14},"Compliance - Pentest Robots (A-B test)","compliance-pentest-robots-1","Don’t leave compliance to chance - deploy Pentest Robots to quickly automate your audit readiness.",[34],{"title":86,"slug":87,"text":88,"link":8,"external":9,"targets":89,"cta":42,"variant":13,"campaign_id":14},"Compliance - Sniper: Auto-Exploiter (A-B test)","compliance-sniper-auto-exploiter-1","Deliver audit-ready proof instantly and stay compliant 24/7/365 - only with Sniper: Auto-Exploiter. Available with Pentest Suite.",[41],{"title":91,"slug":92,"text":93,"link":8,"external":9,"targets":94,"cta":95,"variant":13,"campaign_id":14},"Compliance - Website Scanner (A-B test)","compliance-website-scanner-1","Web vulnerabilities let in devastating compliance fines. Stay audit-ready with deep, proprietary scans. Available with the WebNetSec plan.",[55],"Upgrade to WebNetSec",{"title":97,"slug":98,"text":99,"link":100,"external":101,"targets":102,"cta":104,"variant":13,"campaign_id":105},"Office hours #2 - session 1","office-hours-2-session-1","Got 45 minutes on Wednesday? We're going live with Office Hours!","https://zoom.us/webinar/register/4517773011637/WN_uMAjbUwRSqCj1knLCcOCTg",true,[103],"/","Save your seat","office-hours-2",["Island",107],{"key":108,"params":109,"result":111},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":110},"{}",{"head":112},{},["Island",114],{"key":115,"params":116,"result":117},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":110},{"head":118},{},["Island",120],{"key":121,"params":122,"result":124},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":123},"{\"text-color\":\"gray\"}",{"head":125},{},{"id":127,"detectable_with":128,"vuln_details":135,"vuln_id":165,"name":166,"published":167,"updated":14},12323,{"tool":129,"engine":132},{"id":130,"name":131},1,"Network Scanner",{"id":133,"name":134},3,"OpenVAS",{"id":127,"codename":14,"description":14,"severity":136,"risk_description":137,"public_description":138,"public_recommendation":139,"recommendation":14,"references":140,"cvssv3":142,"epss_score":143,"epss_percentile":144,"cve":145,"in_cisa_catalog":9,"date":164,"software_type":14,"vendor":14,"product":14,"ptt_exploit_capabilities":14},"critical","The following vulnerabilities exist / mitigation was done: - CVE-2021-26560, CVE-2021-26561, CVE-2021-26562: Multiple vulnerabilities in synoagentregisterd allow man-in-the-middle attackers to spoof servers via an HTTP session or to execute arbitrary code via syno_finder_site HTTP header. - CVE-2021-26564, CVE-2021-26565, CVE-2021-26566: Multiple vulnerabilities in synorelayd allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic, spoof servers and obtain sensitive information via an HTTP session. - CVE-2021-26567: Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. - CVE-2021-27646, CVE-2021-27647: Multiple vulnerabilities in iscsi_snapshot_comm_core allows remote attackers to execute arbitrary code via crafted web requests. - CVE-2021-27649: Use after free vulnerability in file transfer protocol component allows remote attackers to execute arbitrary code via unspecified vectors. - CVE-2021-26564: Cleartext transmission of sensitive information vulnerability in synorelayd allows man-in-the-middle attackers to spoof servers via an HTTP session. - CVE-2021-26565: Cleartext transmission of sensitive information vulnerability in synorelayd allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. - CVE-2021-29083: Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE allows remote authenticated users to execute arbitrary code via realname parameter. - CVE-2021-29084, CVE-2021-29085: Improper neutralization of special elements in Security Advisor report management and file sharing management components allows remote attackers to read arbitrary files via unspecified vectors. - CVE-2021-29086: Exposure of sensitive information vulnerability in webapi. - CVE-2021-29087: Path Traversal vulnerability in webapi component. - CVE-2021-31439: An attacker can leverage the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer, while processing the DSI structures in Netatalk, to execute code in the context of the current process. - CVE-2022-22687: Buffer copy without checking size of input (Classic Buffer Overflow) vulnerability in Authentication functionality allows remote attackers to execute arbitrary code via unspecified vectors.","Synology DiskStation Manager (DSM) is prone to multiple vulnerabilities.","Update to firmware version 6.2.3-25426-3 or later.",[141],"https://www.synology.com/en-global/security/advisory/Synology_SA_20_26",9.8,0.05341,0.90092,[146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163],"CVE-2021-26560","CVE-2021-26561","CVE-2021-26562","CVE-2021-26564","CVE-2021-26565","CVE-2021-26566","CVE-2021-26567","CVE-2021-26569","CVE-2021-27646","CVE-2021-27647","CVE-2021-27649","CVE-2021-29083","CVE-2021-29084","CVE-2021-29085","CVE-2021-29086","CVE-2021-29087","CVE-2021-31439","CVE-2022-22687","2021-02-26T00:00:00Z","NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.170227","Synology DiskStation Manager (DSM) 6.2.x \u003C 6.2.3-25426-3 Multiple Vulnerabilities (Synology-SA-20:26) - Remote Known Vulnerable Versions Check","2022-11-16T00:00:00Z"]