Attackers could use security holes to remotely execute program code on vulnerable devices. Some secured versions are still pending.

(Image: AFANASEV IVAN / Shutterstock.com)

From

Olivia von Westernhagen In two current security notices, manufacturer Synology warns of several critical security vulnerabilities. They are stuck in the web-based operating system DiskStation Manager (DSM) for Synology network storage (NAS) and in Safe Access , a software for network protection and device management in connection with Synology routers. The information in the security notices is unfortunately very vague: According to this, attackers could exploit the loopholes to remotely execute any program code on the devices.

SafeAccess versions from 1.2.3 – 0234 upwards are covered; Users should upgrade as soon as possible. In the note on DSM, Synology DSM 6.2, DSM UC 3.0, SkyNAS and VS 960 HD as vulnerable . So far there are only updates for DSM 6.2 : A upgrade to at least 6.2.3 – 25426 – 3 closes the gaps.

For the other products the DSM updates are still pending (status “pending”). It is therefore advisable to keep an eye out for updates to the notice published this Thursday and to import them as soon as they are available.

Synology-SA – 20: 25 Safe Access / Release Notes for Safe Access Synology-SA – 20: 26 DSM Secure the NAS properly – it works with these tips (hot tips + tricks) (ovw)