Synology has raised an alarm regarding a significant security vulnerability discovered in its renowned router VPN software. This urgent notification serves as a proactive measure to ensure the safety and security of Synology router users worldwide.
In an effort to safeguard its global user base, Synology, a prominent player in the technology sector, has unveiled a critical alert concerning a major security flaw identified in its cutting-edge router VPN software. The vulnerability in question pertains to the VPN Plus Server software for the SRM 1.2 operating system utilized in Synology's routers. Exploiting this vulnerability allows attackers to remotely execute SQL commands and gain unauthorized access to manipulate files. While specific details are not disclosed, the severity of the vulnerability is categorized as "moderate" by Synology, but the German cybersecurity agency BSI rates it as "critical" with a CVSS base score of 9.1.
Synology has promptly addressed the issue by releasing a patch, version 1.4.6-0685, effectively resolving the vulnerability present in both the 1.2 and 1.3 versions of the operating system. However, the company does not provide interim countermeasures against the vulnerability. Earlier this year, Synology successfully addressed another vulnerability that allowed its routers to be exploited as VPN servers. Attackers could execute malicious code through this backdoor without requiring elevated privileges.
Synology's swift response to security concerns reinforces its commitment to providing a secure and reliable user experience for its valued customer base.
Synology Issues Critical Alert for Router VPN Software Vulnerability
