Subscribe to Updates

    Get the latest creative news from CRYPTO NOUNCE.

    What's Hot

    Learn to Build a ChatGPT Bot for Only $30

    March 25, 2023

    Cardano’s efforts for scaling seem promising, but is ADA well-guarded

    March 25, 2023

    ‘So infuriating’: TikTokers are fuming over potential ban

    March 25, 2023
    Facebook Twitter Instagram
    Facebook Twitter Instagram Vimeo
    Cryptonounce.com
    Contact
    • Business
      • Deals
      • investors
      • IPO
      • Startups
      • Wall Street
    • Markets
      • Bonds
      • Commodities & Futures
      • Currencies
      • Funds & ETFs
      • Stocks
    • Crypto
      • Alticoins News
      • Binance News
      • Bitcoins News
      • Blockchain News
      • Ethereum News
      • Token Sales News
      • XRP News
    • Technology
      • Artificial Intelligence
      • Big Data
      • Cloud Computing
      • Cybersecurity
      • Gaming
      • Internet of Things
      • Mobile
      • Social Media
      • Transportation
      • VR & AR
    • FinTech
    • Personal finance
    • Grides
      • Crypto
      • FinTech
      • Investing
      • Personal Finance Guides
      • Techonology
    • Tools
      • Coins
      • ICO List
      • Organigations
      • Events
    Cryptonounce.com
    Home » Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
    Cybersecurity

    Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers

    AdmincryptBy AdmincryptJanuary 4, 2023No Comments2 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp VKontakte Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Jan 04, 2023Ravie LakshmananVPN / Server Security

    Critical RCE Vulnerability

    Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems.

    Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server.

    Successful exploitation of the issue “allows remote attackers to execute arbitrary commands via unspecified vectors,” the Taiwanese company said, adding it was internally discovered by its Product Security Incident Response Team (PSIRT).

    Users of VPN Plus Server for Synology Router Manager (SRM) 1.2 and VPN Plus Server for SRM 1.3 are advised to update to versions 1.4.3-0534 and 1.4.4-0635, respectively.

    The network-attached storage appliance maker, in a second advisory, also warned of several flaws in SRM that could permit remote attackers to execute arbitrary commands, conduct denial-of-service attacks, or read arbitrary files.

    Exact details about the vulnerabilities have been withheld, with the users urged to upgrade to versions 1.2.5-8227-6 and 1.3.1-9346-3 to mitigate potential threats.

    Gaurav Baruah, CrowdStrike’s Lukas Kupczyk, DEVCORE researcher Orange Tsai, and Netherlands-based IT security firm Computest have been credited for reporting the weaknesses.

    It’s worth noting that some of the vulnerabilities were demonstrated at the 2022 Pwn2Own contest held between December 6 and 9, 2022, at Toronto, Canada.

    Baruah earned $20,000 for a command injection attack against the WAN interface of the Synology RT6600ax, while Computest netted $5,000 for a command injection root shell exploit aimed at its LAN interface.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Email
    Previous ArticleVR Fitness Insider Podcast – Episode 4: Cix Liv
    Next Article Grayscale ETH trust nears record 60% discount as nerves continue over DCG
    Admincrypt
    • Website

    Related Posts

    U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

    March 25, 2023

    Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

    March 25, 2023

    OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

    March 25, 2023

    Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

    March 24, 2023

    Leave A Reply Cancel Reply

    Our Picks
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    IPO

    Learn to Build a ChatGPT Bot for Only $30

    By AdmincryptMarch 25, 20230

    Disclosure: Our goal is to feature products and services that we think you’ll find interesting…

    Cardano’s efforts for scaling seem promising, but is ADA well-guarded

    March 25, 2023

    ‘So infuriating’: TikTokers are fuming over potential ban

    March 25, 2023

    The biggest financial crises of the last four decades By Reuters

    March 25, 2023

    Subscribe to Updates

    Get the latest creative news from CRYPTO NOUNCE.

    NEWS
    • Business
    • Crypto
    • Blockchain
    • Markets
    • Technology
    FEATURED SECTIONS
    • Coins
    • ICO List
    • Organigations
    • Events
    • Grides
    FEATURED LINKS
    • Story of the day
    • Videos
    • Infographics
    CONNECT WITH US
    • Facebook
    • Twitter
    • Telegram
    • LinkedIn
    • Pinterest
    ABOUT US
    • Contact
    • Advertise
    • Sitemap
    Copyright © 2023 Cryptonounce All rights reserved. Cryptonounce.
    • Home
    • Buy Now

    Type above and press Enter to search. Press Esc to cancel.

    Sign In or Register

    Welcome Back!

    Login to your account below.

    Lost password?