This was reported by, among others, Caschy on his blog. Synology has discovered a vulnerability classified as Critical in the VPN Plus Server implementation of SRM. VPN Plus Server for SRM 1.3 and VPN Plus Server for SRM 1.2 are affected. Updates that close the security gap are available for both versions.
Few details about the patch are available
Users of VPN Plus Server for SRM 1.3 are advised to update to 1.4.4-0635 or higher. VPN Plus Server users can upgrade to 1.4.3-0534 or later. So far, the company has not disclosed much about the vulnerability, so it is not yet known whether it has been actively exploited. Either way, users should act now and install the update as soon as possible.
In a security advisory, Synology summed up the issue as follows:
The vulnerability allows remote attackers to execute arbitrary commands through a vulnerable version of Synology VPN Plus Server. More details will be released once the update actually reaches affected users. There is currently no matching CVE entry.
Security researcher Kevin Wang reported the vulnerability. Wang discovered a similar vulnerability in October and reported it to the company.