Back to directory
WRITEUP #3704

CVE-2021-29084: Exploiting CRLF Header Injection in Synology NAS for Unauthenticated File Downloads

OtherCRLF injection
byJustin Taft
Program
Synology
Published
Jun 1, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://justintaft.com/blog/2021/06/01/cve-2021-29084-synology-crlf-unauthenticated-file-downloads
RELATED WRITEUPS
Another 1500$: CR/LF Injection
OtherCRLF injection
Data Theft in Salesforce: Manipulating Public Links
OtherSOQL injection
When Certificates Fail: A Story of Bypassed MFA in Remote Access
Other2FA / MFA bypass
SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff
OtherSSTI
Ghost In The Ppl Part 1: Byovdll
OtherUse-After-Free

Built with ❤️ by Shubham Rawat