Synology published security advisory Synology-SA-18:01 for Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerabilities on January 4 and continues to work with our processor suppliers to incorporate fixes.
Since the only way for these vulnerabilities to be exploited is through local malicious programs, Synology has rated the severity level to ‘Moderate'.
Meltdown and Spectre vulnerabilities have affected mainstream processing infrastructures on the market, including most PCs, mobile devices, as well as servers. Under the premise that malicious code can be executed locally, potential attackers stand a chance to bypass security measures to access privileged memory and steal sensitive data. However, since the vulnerabilities were discovered by security researchers, there is no clear indication of any exploitation so far. As of today, Synology has not received any reports of the product being attacked.
Synology suggests the following to protect your system against potential attacks:
- Install and execute only trusted applications on your systems
- Ensure all DiskStation Manager / Synology Router Manager accounts are known and trusted
Synology continues to develop mitigations for these issues and will release them in the upcoming updates. Please follow Synology Security Advisory page Synology-SA-18:01 for the latest updates.