Nuno Posted February 22, 2022 #1

Seems that all 6-2 and 7 versions are affected

A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of DiskStation Manager (DSM).
https://www.synology.com/en-global/security/advisory/Synology_SA_22_03

Found this info on https://www.computerbase.de/2022-02/synology-nas-sicherheitsluecke-erlaubt-beliebige-code-ausfuehrung/ (German)

For my "real" Synology I had to manually download 6.2.4-25556-5 as it was not yet shown in the interface

Edited February 22, 2022 by Nuno: info about version
flyride Posted February 22, 2022 #2

Don't expose DSM directly to the Internet
Orphée Posted February 22, 2022 #3

1 hour ago, Nuno said:
> Seems that all 6-2 and 7 versions are affected
>
> A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of DiskStation Manager (DSM).
> https://www.synology.com/en-global/security/advisory/Synology_SA_22_03
>
> Found this info on https://www.computerbase.de/2022-02/synology-nas-sicherheitsluecke-erlaubt-beliebige-code-ausfuehrung/ (German)
>
> For my "real" Synology I had to manually download 6.2.4-25556-5 as it was not yet shown in the interface

At least the vulnerability can't be exploited without being already authenticated...

If you must expose DSM, at least use a really strong password, enable multi-factor authentication, and configure ban settings.

Edited February 22, 2022 by Orphée
Niels_J Posted March 2, 2022 #4

On 2/22/2022 at 5:17 PM, flyride said:
> Don't expose DSM directly to the Internet

So don't open the gate in the router? I can only access my Diskstation when connected to LAN, so I'm guessing I'm safe(?) 😕