[Nulled] » Information security » The Taiwanese NAS manufacturer Synology
January 16 2023

The Taiwanese NAS manufacturer Synology

web3 16-01-2023, 12:20 Information security 167

The Taiwanese NAS manufacturer Synology has eliminated the vulnerability of the maximum (10/10) severity in VPN routers, as well as vulnerabilities that were probably recently used at the Pwn2Own hacking contest.

At the end of December, the company published two new critical bulletins.

One of them describes a vulnerability affecting Synology VPN Plus, a virtual private network server that allows you to configure routers as a VPN server to provide remote access to resources.

Tracked as CVE-2022-43931, an error was detected by Synology PSIRT. The vulnerability can be exploited in low-complexity attacks without privileges on target routers or user interaction.

The error of writing abroad in the remote desktop function in Synology VPN Plus Server allows remote attackers to execute arbitrary commands through unspecified vectors, leading to serious consequences such as data corruption, system failures and code execution after memory corruption.

Synology has released updates to fix the bug and recommends that customers upgrade VPN Plus Server to the latest version available.

The second bulletin describes numerous vulnerabilities affecting Synology Router Manager (SRM), the operating system on which the company's routers operate.

Vulnerabilities can be used to execute arbitrary commands, DoS-type attacks, and read arbitrary files.

Although Synology did not specify the CVE identifiers of security vulnerabilities, reports of fixed bugs are attributed to several researchers and teams.

Moreover, at least two of them, including Gaurav Baruah and Computest, successfully demonstrated 0-day exploits targeting the Synology RT6600ax router on the first day of Pwn2Own 2022 in Toronto.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: web3
  • Date of publication: 16 January 2023 12:20
  • Publication category(s): Information security
  • Number of views of the publication: 167
  • Number of comments to the publication: 0

Related News

15 January 2023
Information security
Synology has eliminated

Synology has eliminated a critical vulnerability in VPN routers

Read more
16 January 2023
Information security
Netgear has fixed a

Netgear has fixed a serious vulnerability affecting Wi-Fi routers and advised customers to update the software on

Read more
12 November 2022
Magento script»,Modules Magento
Synology NAS and Magento

Hello everyone There is a home server based on Synology NAS 920+. There is an idea to deploy a full-fledged web

Read more
16 January 2023
Information security
Most Cacti installations

Most Cacti installations on the Internet are not fixed and are vulnerable to a critical RCE error, which is

Read more
16 January 2023
Information security
Experts warn of a

Experts warn of a critical vulnerability of the Linux kernel of 10 points on the CVSS scale, which affects SMB

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    December 2024    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
3031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +4 Total articles 6750
  • +22 Comments 4230
  • +38 Users : 6050