Synology: Update closes critical security vulnerabilities in NAS devices

Simon Lüthje · 1 minute read

Synology, the manufacturer specializing in network storage systems, has again been affected by critical security vulnerabilities. After the Netatalk vulnerability in April and the critical vulnerabilities in routers in June, this time NAS systems from a total of three different series are affected. A corresponding update for DiskStation Manager is already available.

Synology security vulnerabilities in DiskStation Manager

The company itself classifies three of the four Synology security vulnerabilities in certain NAS devices as critical. According to the manufacturer, the fourth poses only a medium security risk.

The critical vulnerabilities allow attackers to execute malicious code on the devices over the network and to write beyond the bounds of a buffer. Updating the firmware is strongly recommended.

They are located in the out-of-band (OOB) management of the NAS devices. According to the manufacturer, products of the following series are affected:

  • DS3622xs+
  • FS3410
  • HD6500

To close the critical security holes, the manufacturer strongly recommends a firmware update to version 7.1.1-42962-2 or later. The update can be downloaded from the manufacturer’s download page or via the integrated update function of the NAS systems.
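
For administrators with several units, the check below flags devices of the affected series that are still below the fixed version. It is an added example, not code from the article or from Synology; it assumes version strings follow the `version-build-update` form used above, and the inventory entries are constructed.

```python
import re

# From the article: affected series and the first fixed DSM version.
AFFECTED_MODELS = {"DS3622xs+", "FS3410", "HD6500"}
FIXED_VERSION = "7.1.1-42962-2"

# Assumed format: major.minor[.patch]-build[-update]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?-(\d+)(?:-(\d+))?$")

def parse_dsm_version(text):
    """Turn a version string into a tuple of ints that compares correctly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised DSM version: {text!r}")
    # A missing patch or update part counts as 0, so '7.1.1-42962'
    # sorts below '7.1.1-42962-2'. Comparing ints (not strings) also
    # keeps update 10 above update 2.
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def needs_update(model, version):
    """Return 'update', 'ok', 'not-listed' or 'unknown' for one device."""
    if model not in AFFECTED_MODELS:
        return "not-listed"  # outside the series named in the article
    try:
        installed = parse_dsm_version(version)
    except ValueError:
        return "unknown"  # check by hand rather than assume it is patched
    return "ok" if installed >= parse_dsm_version(FIXED_VERSION) else "update"

def audit(inventory):
    """Map each host to its status."""
    return {host: needs_update(model, ver) for host, model, ver in inventory}

# Constructed inventory: hostnames and installed versions are made up.
INVENTORY = [
    ("nas-01", "DS3622xs+", "7.1.1-42962-1"),
    ("nas-02", "FS3410", "7.1.1-42962-2"),
    ("nas-03", "HD6500", "7.1.1-42962"),
    ("nas-04", "FS3410", "7.1.1-42962-10"),
    ("nas-05", "DS920+", "7.1.1-42962-1"),
    ("nas-06", "HD6500", "DSM 7.1.1"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```
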