After QNAP announced new vulnerabilities last week, Synology is now also reporting several vulnerabilities in its Router Manager (SRM). Users should update to SRM 1.3-9193 immediately. They are listed under the name Synology-SA-22:07 SRM. Among other things, attackers can perform SQL injection as an authenticated remote user. This means that the device can be completely compromised.
Discovered at the end of April 2022 and tracked under Synology-SA-22:06 Netatalk, the vulnerability has so far been found only in DiskStation Manager (DSM) version 7.1. Users of that version need to update to 7.1-42661-1 or later. Work on patching DSM 7.0 and 6.2 is currently ongoing. The security updates for VS Firmware 2.3 and SRM 1.2 are also still pending. A complete overview of all current vulnerabilities can be found here.
As always, when you turn on the NAS, the device must not be connected to the Internet directly. If possible, it is recommended not to allow access to the NAS over the Internet. Firmware updates can also be performed offline.