Synology, a networking and storage solutions provider based in Taiwan, published two advisories before the end of last year notifying its customers that patches for several recently discovered bugs had been released, SecurityWeek reports.
The first advisory describes an out-of-bounds write flaw in the remote desktop functionality of Synology VPN Plus Server, which can enable remote attackers to execute arbitrary commands. Meanwhile, the second advisory details multiple bugs affecting the Synology Router Manager that can be exploited to cause denial of service, read arbitrary files, and execute arbitrary commands.
The second advisory also gave credit to the people who discovered and reported the bugs, including Computest and Gaurav Baruah, who were part of Trend Micro's Zero Day Initiative.
Other vulnerabilities that had been patched were first demonstrated at the Pwn2Own Toronto 2022 hacking contest last month, where participants garnered a total of over $80,000 for compromising Synology routers and NAS devices.
Synology rolls out patches for critical security bugs