Synology-SA-23:04 VPN Plus Server

Publish Time: 2023-05-04 15:09:58 UTC+8

Last Updated: 2023-12-04 12:58:21 UTC+8

Severity
Moderate
Status
Accepted

Abstract

A vulnerability allows remote attackers to inject SQL commands via a susceptible version of Synology VPN Plus Server.

Affected Products

Product Severity Fixed Release Availability
VPN Plus Server for SRM 1.3 Moderate Upgrade to 1.4.6-0685 or above.
VPN Plus Server for SRM 1.2 Moderate Will not fix

Mitigation

None

Detail

Reserved

Revision

Revision Date Description
1 2023-05-04 Initial public release.