Synology patches maximum risk flaw in its VPN routers
>
Synology has patched a vulnerability discovered in its router software, which has been rated as maximum severity – 10/10.
According to an advisory from the NAS manufacturer, the vulnerability was discovered in the VPN Plus Server software and is now tracked as CVE-2022-43931.
The software allows the routers to be configured as VPN servers and allows remote access to the endpoints behind that router.
Remote code execution and other woes
Apparently, threat actors can exploit the flaw in low-complexity attacks and require no privileges or user interaction to gain access, with an extensive list of potential harm.
A vulnerability allows remote attackers to execute arbitrary commands through a susceptible version of Synology VPN Plus Server. “Out-of-bounds write vulnerability in Remote Desktop functionality in Synology VPN Plus Server prior to 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands through unspecified vectors.”
Out-of-bounds write vulnerabilities allow for data corruption, system crashes, as well as code execution after memory corruption, Beeping computer explained.
This is not the first time that Synology has had to address a very serious vulnerability in its products – as in December 2022, it patched several such flaws that were discovered in its Router Manager.
“Multiple vulnerabilities allow remote attackers to execute arbitrary commands, conduct denial-of-service attacks, or read arbitrary files through a sensitive version of Synology Router Manager (SRM),” the company said at the time.
No CVEs have been published for these vulnerabilities, but we do know that at least two security experts and teams have been successful in creating a proof-of-concept using the Synology RT6600ax (opens in new tab) router, during the Pwn2Own Toronto 2022 hacking competition.
Cybersecurity researcher Gaurav Baruah was awarded $20,000 for successfully conducting a command injection attack against the Synology RT6600ax’s WAN interface.
In April last year, the company announced to fix a number of bugs affecting multiple products: “Multiple vulnerabilities allow remote attackers to obtain sensitive information and potentially execute arbitrary code through a sensitive version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM),” the company said in an advisory at the time.
Through: Beeping computer (opens in new tab)