Nuno, posted February 22, 2022 (edited), #1

Seems that all 6-2 and 7 versions are affected

A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of DiskStation Manager (DSM).
https://www.synology.com/en-global/security/advisory/Synology_SA_22_03

Found this info on https://www.computerbase.de/2022-02/synology-nas-sicherheitsluecke-erlaubt-beliebige-code-ausfuehrung/ (German)

For my "real" Synology I had to manually download 6.2.4-25556-5 as it was not yet shown in interface

Edited February 22, 2022 by Nuno: info about version

flyride, posted February 22, 2022, #2

Don't expose DSM directly to the Internet

Orphée, posted February 22, 2022 (edited), #3

1 hour ago, Nuno said:
> Seems that all 6-2 and 7 versions are affected
>
> A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of DiskStation Manager (DSM).
> https://www.synology.com/en-global/security/advisory/Synology_SA_22_03
>
> Found this info on https://www.computerbase.de/2022-02/synology-nas-sicherheitsluecke-erlaubt-beliebige-code-ausfuehrung/ (German)
>
> For my "real" Synology I had to manually download 6.2.4-25556-5 as it was not yet shown in interface

At least the vulnerability can't be exploited without being already authenticated...

If you must expose DSM, at least use a really strong password, enable multi-factor authentication, and configure ban settings.

Edited February 22, 2022 by Orphée

Niels_J, posted March 2, 2022, #4

On 2/22/2022 at 5:17 PM, flyride said:
> Don't expose DSM directly to the Internet

So don't open the gate in the router? I can only access my Diskstation when connected to LAN, so I'm guessing I'm safe(?) 😕