distance QNAP announced new vulnerabilities last weekSynology is now also reporting several vulnerabilities in its Router Manager (SRM). Users should update to SRM 1.3-9193 immediately. The vulnerability is listed under the name Synology-SA-22:07 SRM. Attackers can, among other things, perform SQL injections using an authenticated remote user. This means that the device can be completely hacked.
Discovered at the end of April 2022 and managed under Synology-SA-22 ID: 06 Netatalk, the vulnerability has so far been only discovered in DiskStation Manager (DSM) version 7.1. Here users need to update to version 7.1-42661-1 or later. Work on patching DSM 7.0 and 6.2 is currently ongoing. Additionally, the security update for VS Firmware 2.3 and SRM 1.2 is still pending. A complete overview of all current vulnerabilities can be found here.
As always, when you turn on the NAS, the device must not be connected to the Internet directly. If possible, it is recommended not to allow access to the NAS over the Internet. Firmware updates can also be performed offline.
“Social media evangelist. Baconaholic. Devoted reader. Twitter scholar. Avid coffee trailblazer.”
More Stories
Longest jets in the universe discovered – giant particle streams as long as 140 Milky Way galaxies in a row
New method reveals 307 supernova remnants
Snapchat is upping the ante on augmented reality glasses