CVE-2021-29084: Exploiting CRLF Header Injection in Synology NAS for Unauthenticated File Downloads

Recently our CVE-2021-29084 went public [ZDI Link]. We thought it would be fun to share our disclosure notes. The Synology DS418play NAS contained an endpoint, accessible without authentication, that was vulnerable to HTTP header injection. Due to nginx’s configuration, the X-Accel-Redirect header can be used to download files which are shared via SMB. Note the finding requires knowledge of […]

Remote Code Execution In Source Games

Valve’s Source SDK contained a buffer overflow vulnerability which allowed remote code execution on clients and servers. The vulnerability was exploited by fragging a player, which caused a specially crafted ragdoll model to be loaded. Multiple Source games were updated during the month of June 2017 to fix the vulnerability.