April 1, 2023

Synology has patched several critical vulnerabilities, including flaws likely exploited recently at the Pwn2Own hacking contest.

First vulnerability tracked as CVE-2022-43931 affects Synology VPN Plus Server, which turns routers into an advanced VPN server that allows remote attackers to execute arbitrary commands.

Advertisements

The second vulnerability is impacting the Synology Router Manager (SRM), the operating system that powers the firm’s routers. The flaws can be exploited for arbitrary command execution, denial-of-service (DoS) attacks, and reading arbitrary files.

The vulnerabilities were demonstrated at the Pwn2Own Toronto 2022 hacking contest, which took place December 6-9. Participants earned nearly $1 million for exploits targeting smartphones, printers, routers, NAS devices, and smart speakers.

Tags:

Leave a Reply

You may have missed

WordPress Elementor Pro Plugin Vulnerability

WordPress Elementor Pro Plugin Vulnerability

April 1, 2023
QNAP Critical Sudo Vulnerability

QNAP Critical Sudo Vulnerability

March 31, 2023
AlienFox Malware Toolset -SwissArmy Knife

AlienFox Malware Toolset -SwissArmy Knife

March 31, 2023
3CX Application Malvertised

3CX Application Malvertised

March 31, 2023
Microsoft Azure Super FabriXss Bug

Microsoft Azure Super FabriXss Bug

March 31, 2023
Microsoft Patches BingBang Cloud Vulnerability Exposing O365 Data

Microsoft Patches BingBang Cloud Vulnerability Exposing O365 Data

March 30, 2023
%d bloggers like this: