This was reported by, among others, Caschy on his blog. Synology has discovered a vulnerability classified as Critical in the VPN Plus Server implementation of SRM. VPN Plus Server for SRM 1.3 and VPN Plus Server for SRM 1.2 are affected. Updates that close the security gap are available for both versions.
Few details about the patch are available
Users of VPN Plus Server for SRM 1.3 are advised to update to 1.4.4-0635 or higher. Users of VPN Plus Server for SRM 1.2 can upgrade to 1.4.3-0534 or later. So far, the company has not disclosed much about the vulnerability, so it is not yet known whether it has been actively exploited. Either way, users should act as soon as possible and install the update.
In a security advisory, Synology summed up the issue as follows:
The vulnerability allows remote attackers to execute arbitrary commands through a vulnerable version of Synology VPN Plus Server. More details will be released once the update actually reaches affected users. There is currently no matching CVE entry.
Security researcher Kevin Wang reported the vulnerability. Wang discovered a similar vulnerability in October and reported it to the company.