Maximum severity vulnerability fixed by Synology in VPN routers

Synology, a Taiwanese NAS manufacturer, has fixed a maximum-severity (10/10) vulnerability in the software that lets its routers act as VPN servers.

The vulnerability, found in the VPN Plus Server software, was reported by Synology's own Product Security Incident Response Team. The company assigned it the maximum CVSS3 base score of 10.

VPN Plus Server lets administrators configure Synology routers as VPN servers so that remote users can reach resources behind the router.

The flaw is low-complexity to exploit and requires neither privileges on the targeted router nor any user interaction.

In a security advisory published on Friday, Synology said that the vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Synology VPN Plus Server.

The issue is an out-of-bounds write in the Remote Desktop functionality of Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635; it allows remote attackers to execute arbitrary commands via unspecified vectors.

An out-of-bounds write lets input overrun the memory set aside for it, so the consequences range from data corruption and crashes to, as in this case, remote command execution.
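To make that concrete, the following is an added illustration, not Synology's code and not the VPN Plus Server bug itself (whose internals have not been published): a hypothetical length-prefixed message parser that trusts an attacker-controlled length byte and writes past a 16-byte receive buffer, next to a hardened version that validates the length against both the bytes received and the destination before copying. To keep the demonstration within defined C behaviour, process memory is modelled as one byte array in which the receive buffer is immediately followed by a privilege flag; in a real process the bytes beyond the buffer might be a saved return address or function pointer, which is how an overrun becomes code execution. The wire format, packet contents and field names are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical wire format, constructed for this example:
 *   byte 0     : declared payload length (attacker-controlled)
 *   bytes 1..n : payload
 */
#define RECV_BUF_SIZE 16
#define FLAG_OFFSET   RECV_BUF_SIZE   /* privilege flag sits right after the buffer */
#define MEM_SIZE      256             /* slack so any 8-bit length stays inside the model */

/* Model of a small region of process memory. Keeping the receive buffer,
 * the flag and the surrounding slack in one array keeps the overrun
 * well-defined C, so the corruption can be observed instead of crashing
 * or being optimised away. */
typedef struct {
    uint8_t mem[MEM_SIZE];
} session_t;

static int flag_of(const session_t *s) { return s->mem[FLAG_OFFSET]; }

/* VULNERABLE: copies as many bytes as the packet *claims* into a 16-byte
 * buffer. The read side is bounded (len never exceeds pkt_len - 1), but
 * nothing compares len against RECV_BUF_SIZE, so len > 16 runs into the
 * adjacent flag and beyond. */
int parse_vulnerable(session_t *s, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 1) return -1;
    size_t len = pkt[0];
    if (len > pkt_len - 1) return -1;       /* truncated packet */
    for (size_t i = 0; i < len; i++)
        s->mem[i] = pkt[1 + i];             /* missing: i < RECV_BUF_SIZE */
    return (int)len;
}

/* HARDENED: the declared length is checked against the bytes actually
 * received AND the destination buffer before a single byte is written. */
int parse_hardened(session_t *s, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 1) return -1;
    size_t len = pkt[0];
    if (len > pkt_len - 1) return -1;       /* truncated packet */
    if (len > RECV_BUF_SIZE) return -1;     /* would overflow the buffer */
    memcpy(s->mem, pkt + 1, len);
    return (int)len;
}

/* Constructed hostile packet: declared length 17, sixteen filler bytes,
 * and a 17th byte (0x01) positioned to land on the privilege flag. */
static size_t build_hostile_packet(uint8_t *out, size_t cap)
{
    const size_t payload = RECV_BUF_SIZE + 1;
    if (cap < payload + 1) return 0;
    out[0] = (uint8_t)payload;
    memset(out + 1, 'A', RECV_BUF_SIZE);
    out[1 + RECV_BUF_SIZE] = 0x01;
    return payload + 1;
}

typedef int (*parser_fn)(session_t *, const uint8_t *, size_t);

/* Feeds the hostile packet to one parser; returns the privilege flag
 * afterwards (0 = still unprivileged, 1 = overwritten by the overrun). */
int flag_after(parser_fn parser)
{
    session_t s;
    memset(&s, 0, sizeof s);
    uint8_t pkt[64];
    size_t n = build_hostile_packet(pkt, sizeof pkt);
    parser(&s, pkt, n);
    return flag_of(&s);
}

/* Feeds the hostile packet to one parser; returns the parser's own result
 * (-1 = rejected, otherwise the number of bytes it copied). */
int result_for(parser_fn parser)
{
    session_t s;
    memset(&s, 0, sizeof s);
    uint8_t pkt[64];
    size_t n = build_hostile_packet(pkt, sizeof pkt);
    return parser(&s, pkt, n);
}

/* Sanity check that the hardened parser still accepts a full-size
 * legitimate payload (16 bytes) rather than rejecting everything. */
int hardened_accepts_full_payload(void)
{
    session_t s;
    memset(&s, 0, sizeof s);
    uint8_t pkt[1 + RECV_BUF_SIZE];
    pkt[0] = RECV_BUF_SIZE;
    memset(pkt + 1, 'B', RECV_BUF_SIZE);
    return parse_hardened(&s, pkt, sizeof pkt);
}

int main(void)
{
    printf("vulnerable parser: result=%d flag=%d\n",
           result_for(parse_vulnerable), flag_after(parse_vulnerable));
    printf("hardened parser:   result=%d flag=%d\n",
           result_for(parse_hardened), flag_after(parse_hardened));
    return 0;
}
```

The one-line difference between the two parsers is the check of the declared length against the destination size; the vulnerable version already guards the read, which is why such bugs survive casual review. In a real daemon the byte past the buffer is rarely a convenient flag, but the mechanism by which an attacker-chosen length turns into attacker-chosen memory contents is the same.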

Synology has released security updates to address the issue and advises customers to update VPN Plus Server for SRM (Synology Router Manager) to the latest version.

Product                          Fixed release availability
VPN Plus Server for SRM 1.3      Upgrade to or higher
VPN Plus Server for SRM 1.2      Upgrade to or higher

Last month Synology published a second advisory, rated critical severity, announcing that it had also fixed multiple security flaws in Synology Router Manager (SRM).

“Multiple vulnerabilities allow remote attackers to execute arbitrary commands, conduct denial-of-service attacks, or read arbitrary files via a susceptible version of Synology Router Manager (SRM),” the company said.

Although Synology did not list CVE IDs for the router flaws, several researchers and teams were credited with reporting them. At least two of them had demonstrated zero-day exploits against the Synology RT6600ax router on the first day of the Pwn2Own Toronto hacking contest.

Gaurav Baruah was awarded $20,000 for an exploit targeting the WAN interface of the Synology RT6600ax.

Computest was also credited in the December advisory, for an exploit that targeted the LAN interface of the Synology router.