Update your Synology NAS as soon as possible: critical security flaws discovered

Security flaws can affect all kinds of systems and devices we use. In this case, we are reporting on a series of important vulnerabilities that affect Synology NAS devices. If you have a device of this type, it is important that you update it as soon as possible. The goal is to correct these flaws and prevent an attacker from exploiting them to put your security and privacy at risk.

Critical vulnerabilities in Synology

Several critical vulnerabilities have been detected that affect Synology products. In total there are three vulnerabilities rated as critical and one as moderate. All of them can be fixed simply by updating to the latest version available.

These security flaws allow a remote attacker to steal sensitive information or even execute arbitrary commands as long as the victim is running a vulnerable version. This makes it essential to correct errors of this type as soon as they are detected, since security and privacy can be compromised.

What products are affected by these vulnerabilities? Synology has published the list of the three products affected by the critical vulnerabilities:

  • DS3622xs+
  • FS3410
  • HD6500

The first vulnerability has been registered as CVE-2022-27624, with critical severity and a score of 10.0. It is a bug related to the improper restriction of operations within the bounds of a memory buffer. An attacker exploiting this critical flaw could execute arbitrary code. It affects Synology DiskStation Manager versions earlier than 7.1.1-42962-2. All three models listed above can be compromised.

Another vulnerability is registered as CVE-2022-27625. It is also of critical severity and has received a score of 10.0. It works in a similar way to the previous one, and here too an attacker could execute arbitrary code. It affects the same models with versions prior to 7.1.1-42962-2.

The third critical vulnerability has been logged as CVE-2022-27626. In this case it is a bug related to concurrent execution using a shared resource with improper synchronization (a race condition). It allows attackers to execute arbitrary commands via unspecified vectors. The three models mentioned above are affected if they run a version earlier than 7.1.1-42962-2.

Finally, another bug detected is CVE-2022-3576. In this case it is of moderate severity and has received a score of 5.3. This bug allows an attacker to remotely obtain sensitive information via unspecified vectors. It affects the same models and the same versions.

Therefore, to avoid all of these vulnerabilities, it is essential that you update the affected devices as soon as possible. Installing the new version corrects the bugs and prevents them from being exploited. It is essential to do this regularly on any device, as many vulnerabilities can appear over time, and it is always advisable to keep all systems updated with all the necessary patches. In this case the vulnerabilities affect Synology NAS servers, but the same can happen with other devices.
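
To check a fleet against the fixed version named above, the following is an added example (not from the original article and not a Synology tool) that compares DSM version strings with 7.1.1-42962-2 for the three affected models. The inventory rows, hostnames and the "DSM ... Update N" display form it accepts are assumptions made for illustration.

```python
import re

# Fixed release and affected models, as stated in the article.
FIXED = (7, 1, 1, 42962, 2)
AFFECTED_MODELS = {"DS3622xs+", "FS3410", "HD6500"}

# Accepts "7.1.1-42962-2", "7.1.1-42962", "7.1-42661" and the
# "DSM 7.1.1-42962 Update 2" form (assumed display format).
_VERSION_RE = re.compile(
    r"^(?:DSM\s+)?(\d+)\.(\d+)(?:\.(\d+))?-(\d+)(?:(?:-|\s+Update\s+)(\d+))?$",
    re.IGNORECASE,
)

def parse_dsm_version(text):
    """Return (major, minor, micro, build, update); missing parts count as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised DSM version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def needs_update(model, version):
    """True when an affected model runs a version earlier than the fixed one."""
    if model.strip().lower() not in {m.lower() for m in AFFECTED_MODELS}:
        return False
    return parse_dsm_version(version) < FIXED

def audit(inventory):
    """Return hosts from (host, model, version) rows that need the update.
    Rows with an unparseable version are flagged too, for a manual check."""
    flagged = []
    for host, model, version in inventory:
        try:
            if needs_update(model, version):
                flagged.append(host)
        except ValueError:
            flagged.append(host)
    return flagged

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("nas-a", "DS3622xs+", "7.1.1-42962-1"),
    ("nas-b", "FS3410", "DSM 7.1.1-42962 Update 2"),
    ("nas-c", "HD6500", "7.1-42661"),
    ("nas-d", "DS920+", "7.0.1-42218"),
    ("nas-e", "FS3410", "unknown"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Comparing the parsed tuples rather than the raw strings matters because a version reported without an update suffix, such as 7.1.1-42962, is still earlier than the fixed release.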