Synology patches maximum risk flaw in its VPN routers


Synology has patched a vulnerability in its router software that has been rated at the maximum severity, a CVSS score of 10.0 out of 10.

According to an advisory released by the NAS manufacturer, the vulnerability affects its VPN Plus Server software and is now tracked as CVE-2022-43931.

The software lets a Synology router act as a VPN server, giving remote users access to the endpoints on the network behind that router.

Remote code execution and other woes

The severity rating reflects a flaw that can be exploited remotely over the network in a low-complexity attack, with no privileges and no user interaction required, and with a high impact on the confidentiality, integrity and availability of the affected device, which is what pushes the score to the 10.0 maximum.

"A vulnerability allows remote attackers to possibly execute arbitrary command via a susceptible version of Synology VPN Plus Server," the advisory reads. "Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors."

Out-of-bounds write vulnerabilities allow an attacker to corrupt data and crash the system, and, where the corrupted memory is later used by the program, to achieve code execution, BleepingComputer explained. The advisory does not say which field or message in the Remote Desktop functionality is affected, so the details of the specific bug remain undisclosed.
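To make that class of bug concrete, here is an added example written for this article. It is not code from Synology or from VPN Plus Server, and the real vector for CVE-2022-43931 is unspecified in the advisory, so the message format, the memory layout and the function names below are all constructed for illustration. A length-prefixed message is copied into a 16-byte receive buffer that sits directly before a session flag. The vulnerable parser validates the length field only against the message it arrived in, so an overlong payload writes past the buffer and onto the flag; the fixed parser also checks the length against the destination's capacity and rejects the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout for illustration only (not the VPN Plus Server layout):
 * a 16-byte receive buffer immediately followed by a one-byte session flag. */
#define BUF_SIZE   16
#define FLAG_OFF   BUF_SIZE
#define REGION_LEN (BUF_SIZE + 1)

typedef struct {
    uint8_t region[REGION_LEN];   /* region[0..15] = buffer, region[16] = flag */
} session_t;

/* Constructed message format: [1-byte length][length bytes of payload]. */

/* Vulnerable parser: the length is checked against the message only, never
 * against the 16-byte destination, so len == 17 writes onto the flag.
 * Larger values would run past the struct entirely (a crash in practice). */
static int parse_vulnerable(session_t *s, const uint8_t *msg, size_t msg_len) {
    if (msg_len < 1) return -1;
    size_t len = msg[0];
    if (len > msg_len - 1) return -1;   /* validates the source, not the destination */
    memcpy(s->region, msg + 1, len);    /* out-of-bounds write when len > BUF_SIZE */
    return (int)len;
}

/* Fixed parser: same source check plus a destination-capacity check. */
static int parse_fixed(session_t *s, const uint8_t *msg, size_t msg_len) {
    if (msg_len < 1) return -1;
    size_t len = msg[0];
    if (len > msg_len - 1) return -1;
    if (len > BUF_SIZE)    return -2;   /* reject: payload does not fit the buffer */
    memcpy(s->region, msg + 1, len);
    return (int)len;
}

/* Builds a constructed malicious message with a 17-byte payload; the final
 * byte lands exactly on the flag. Returns the total message length (18). */
static size_t build_overlong_message(uint8_t *out, size_t out_len) {
    const size_t payload = BUF_SIZE + 1;
    if (out_len < payload + 1) return 0;
    out[0] = (uint8_t)payload;
    memset(out + 1, 'A', BUF_SIZE);
    out[1 + BUF_SIZE] = 0x01;           /* value that ends up in the flag */
    return payload + 1;
}

/* Returns 1 if the vulnerable parser lets the message overwrite the flag. */
static int flag_clobbered_by_vulnerable(void) {
    session_t s; memset(&s, 0, sizeof s);
    uint8_t msg[64];
    size_t n = build_overlong_message(msg, sizeof msg);
    parse_vulnerable(&s, msg, n);
    return s.region[FLAG_OFF] == 0x01;
}

/* Returns 1 if the fixed parser rejects the message and leaves the flag alone. */
static int fixed_rejects_and_preserves_flag(void) {
    session_t s; memset(&s, 0, sizeof s);
    uint8_t msg[64];
    size_t n = build_overlong_message(msg, sizeof msg);
    int rc = parse_fixed(&s, msg, n);
    return rc == -2 && s.region[FLAG_OFF] == 0;
}

/* Returns the number of bytes the fixed parser accepts for a maximal valid message (16). */
static int fixed_accepts_valid(void) {
    session_t s; memset(&s, 0, sizeof s);
    uint8_t msg[1 + BUF_SIZE];
    msg[0] = BUF_SIZE;
    memset(msg + 1, 'B', BUF_SIZE);
    return parse_fixed(&s, msg, sizeof msg);
}

int main(void) {
    printf("vulnerable parser clobbers flag: %d\n", flag_clobbered_by_vulnerable());
    printf("fixed parser rejects overlong:   %d\n", fixed_rejects_and_preserves_flag());
    printf("fixed parser accepts valid:      %d bytes\n", fixed_accepts_valid());
    return 0;
}
```

The point of the layout is that the attacker never needs to touch the flag directly: controlling a length field that is only compared with the message, not with the buffer it is copied into, is enough to overwrite whatever happens to follow that buffer. The fix is the single extra comparison against `BUF_SIZE`; every copy driven by an attacker-supplied length needs that check on the destination side.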

This is not the first time Synology has had to address a high-severity vulnerability in its products. In December 2022, it patched multiple such flaws in its Synology Router Manager (SRM) firmware.

"Multiple vulnerabilities allow remote attackers to execute arbitrary command, conduct denial-of-service attacks or read arbitrary files via a susceptible version of Synology Router Manager (SRM)," the company said at the time.

No CVEs were published for those vulnerabilities, but at least two researchers or teams demonstrated working proof-of-concept exploits against the Synology RT6600ax router during the Pwn2Own Toronto 2022 hacking contest.

Cybersecurity researcher Gaurav Baruah was awarded $20,000 for successfully running a command injection attack against the WAN interface of the Synology RT6600ax.

In April last year, the company announced patching a number of flaws affecting multiple products: "Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM)," the firm said in an advisory back then.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.