Act now: Synology fixes vulnerabilities in VPN Plus servers

Taiwanese manufacturer Synology has once again issued a security warning to customers. This time, users of Synology routers that use VPN Plus servers are affected. There is a patch, but little information about the vulnerability.

This reports, among others Caschy on his blog. So Synology has discovered a vulnerability classified as Critical in the VPN Plus Server implementation of SRM. VPN Plus Server for SRM 1.3 and VPN Plus Server for SRM 1.2 versions are affected. Updates are available for both versions that fill the security gap.

Few details about the patch are available

Users of VPN Plus Server for SRM 1.3 are recommended to update to 1.4.4-0635 or higher. VPN Plus Server users can upgrade to 1.4.3-0534 or later. So far, the company has not disclosed much about the vulnerability. So it is not yet known whether this vulnerability has been actively exploited or not. Either way, users should now act as soon as possible and run the update.

in a Security warning The sinologist summed up the issue as follows:

The vulnerability allows remote attackers to execute arbitrary commands through a vulnerable version of Synology VPN Plus Server. More details will be released once the update actually reaches affected users. There is currently no matching entry for CVE.

Security researcher Kevin Wang reported on the vulnerability. Wang discovered a similar vulnerability in October and reported it to the company.

See also:

security, vulnerability, security, error, hack, disable, cybercrime, warning, disabled