Technology Tips

January 13, 2023

Synology Issues Patch for Severe VPN Plus Server Vulnerability

Written By Securafy Team

Synology has issued a patch for a severe vulnerability in the VPN Plus Servers that could be used to take control of systems remotely.

The vulnerability, now known as CVE-2022-43931, has a top severity score of 10 on the CVSS scale and is defined as an out-of-bounds write flaw in Synology VPN Plus Server's remote desktop feature.

The business added that successfully exploiting the flaw "enables remote attackers to run arbitrary commands through unknown vectors," adding that its internal Product Security Incident Response Team had detected it.

Updates to versions 1.4.3-0534 and 1.4.4-0635 are recommended for users of VPN Plus Server for Synology Router Manager (SRM) 1.2 and 1.3, respectively.

It is not the first time Synology has had to fix a high-severity vulnerability in one of its products; in December 2022, it addressed several problems found in its Router Manager. A vulnerable version of Synology Router Manager enabled remote attackers to run arbitrary code, launch DDoS attacks, or access arbitrary files, according to a statement made at the time by the firm.

Although no CVEs were released for these flaws, we know that at the Pwn2Own Toronto 2022 hacking competition, at least two security professionals and teams successfully developed a proof-of-concept utilizing the Synology RT6600ax router. Gaurav Baruah, a researcher in cybersecurity, received $20,000 for successfully launching a command injection attack on the Synology RT6600ax's WAN interface.

It's crucial for users of Synology's VPN Plus Server to apply the latest updates to protect against the serious vulnerability that could allow for remote command execution. This is especially important given that this is not the first time Synology has had to address high-severity vulnerabilities in its products. Staying up-to-date with security patches and updates is essential for ensuring the safety and security of your systems.

Picture of Securafy Team
About The Author
Our team at Securafy brings you the best tech tips, from how-to guides and troubleshooting advice to software reviews and productivity hacks. We're all about empowering businesses with the tools and knowledge they need to thrive in the digital world. Follow our posts to stay equipped with practical insights that make tech work for you.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.