Endpoint/Device Security, Vulnerability Management

Synology rolls out patches for critical security bugs

Synology, a networking and storage solutions provider based in Taiwan, published two advisories before the end of last year notifying its customers that patches for several recently discovered bugs had been released, SecurityWeek reports. The first advisory describes an out-of-bounds write flaw in the remote desktop functionality of Synology VPN Plus Server, which can enable remote attackers to execute arbitrary commands. Meanwhile, the second advisory details multiple bugs affecting the Synology Router Manager that can be exploited to cause denial-of-service conditions, read arbitrary files, and execute arbitrary commands. The second advisory also gave credit to the people who discovered and reported the bugs, including Computest and Gaurav Baruah, who were part of Trend Micro's Zero Day Initiative. Other vulnerabilities that had been patched were first demonstrated at the Pwn2Own Toronto 2022 hacking contest last month, where participants garnered a total of over $80,000 for compromising Synology routers and NAS devices.
