VPN Routers From Synology Have a Maximum Severity Vulnerability

(CTN News) – Synology, a Taiwanese NAS maker, has patched a maximum (10/10) severity vulnerability affecting VPN routers.

Synology’s Product Security Incident Response Team (PSIRT) discovered the vulnerability, tracked as CVE-2022-43931, as part of their investigation into the VPN Plus Server software. The company awarded the vulnerability a CVSS3 Base Score of 10 based on their findings.

A VPN server application such as VPN Plus Server lets administrators configure a Synology router as a virtual private network server, enabling remote access to resources behind the router.

The vulnerability can be exploited in low-complexity attacks that require neither user interaction nor any privileges on the targeted routers.

“It has been discovered that a vulnerability in a vulnerable version of VPN Plus Server could allow remote attackers to execute arbitrary commands on the server,” Synology stated in a security advisory published on Friday.

“An out-of-bounds write vulnerability in Remote Desktop Functionality in VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands through unspecified vectors via an out-of-bounds write vulnerability.”

Out-of-bounds write vulnerabilities can have serious consequences, including data corruption, system crashes, and code execution resulting from memory corruption.

Fortunately, Synology has released security updates that fix the bug and advises customers to upgrade to the latest version of VPN Plus Server for SRM (Synology Router Manager) in order to mitigate the issue.

At the beginning of this month, Synology issued a second advisory, rated critical severity, announcing that it had patched multiple security vulnerabilities in its Router Manager software.

According to the company, several vulnerabilities in Synology Router Manager (SRM) allow remote attackers to execute arbitrary commands, cause a denial of service, or read arbitrary files on devices running a vulnerable version of the software.

Although Synology did not list CVE IDs for these flaws, it credited multiple researchers and teams with reporting the vulnerabilities that were patched.

At least two of those researchers successfully demonstrated zero-day exploits on the Synology RT6600ax router during the first day of Pwn2Own Toronto 2022.

Gaurav Baruah received a $20,000 reward for demonstrating a command injection attack against the RT6600ax’s WAN interface.

Computetest, which was also credited in the December advisory, exploited the same Synology router with a command injection exploit that obtained a root shell through its LAN interface.
