Synology fixes multiple critical vulnerabilities in its routers

Source
Advertisement


Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most severe vulnerability addressed by the company, which is a critical out-of-bounds write issue, tracked as CVE-2022-43931 (CVSS3 Base Score10).

The vulnerability resides in the Remote Desktop Functionality of Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635. A remote attacker can exploit the flaw to execute arbitrary commands via unspecified vectors.

Advertisement