Synology has issued a patch for a severe vulnerability in the VPN Plus Servers that could be used to take control of systems remotely.
The vulnerability, now known as CVE-2022-43931, has a top severity score of 10 on the CVSS scale and is defined as an out-of-bounds write flaw in Synology VPN Plus Server's remote desktop feature.
The business added that successfully exploiting the flaw "enables remote attackers to run arbitrary commands through unknown vectors," adding that its internal Product Security Incident Response Team had detected it.
Updates to versions 1.4.3-0534 and 1.4.4-0635 are recommended for users of VPN Plus Server for Synology Router Manager (SRM) 1.2 and 1.3, respectively.
It is not the first time Synology has had to fix a high-severity vulnerability in one of its products; in December 2022, it addressed several problems found in its Router Manager. A vulnerable version of Synology Router Manager enabled remote attackers to run arbitrary code, launch DDoS attacks, or access arbitrary files, according to a statement made at the time by the firm.
Although no CVEs were released for these flaws, we know that at the Pwn2Own Toronto 2022 hacking competition, at least two security professionals and teams successfully developed a proof-of-concept utilizing the Synology RT6600ax router. Gaurav Baruah, a researcher in cybersecurity, received $20,000 for successfully launching a command injection attack on the Synology RT6600ax's WAN interface.
It's crucial for users of Synology's VPN Plus Server to apply the latest updates to protect against the serious vulnerability that could allow for remote command execution. This is especially important given that this is not the first time Synology has had to address high-severity vulnerabilities in its products. Staying up-to-date with security patches and updates is essential for ensuring the safety and security of your systems.
If this tip helps and you would like to donate click on the button. Thanks In Advance
________________________________________________________________________________________________________
"Fortune Favors, Who Value Time over Money!"
"TeQ I.Q. was the 1st IT Company to Deliver Cloud Solutions since 2003"
Tech issues taking up your Time?
"TeQ I.Q. Makes Your Technology Simple and Easy"
Do you have Tech Frustrations like your Computer, Internet, Phone, Cellphone, Camera, TV, Car?
"Buy a TV from TeQ I.Q. with Ease and We Install it for Free!"
"We Take Away Your Tech Frustrations and Give You the Free Time You Deserve!"
Call Robert to ask all your Technology questions.
Check out our Smart Home 10% off Daily Deal at the TeQ I.Q. Daily Deal webpage https://www.teqiq.com/daily-deal/
We now Sell, Install, Setup and Train for Smart Homes visit our webpage https://www.teqiq.com/smarthome/
For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/
Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!
