Publish Time: 2022-12-30 18:25:08 UTC+8
Last Updated: 2023-01-03 13:27:44 UTC+8
Abstract
A vulnerability allows remote attackers to possible execute arbitrary command via a susceptible version of Synology VPN Plus Server.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
VPN Plus Server for SRM 1.3 | Critical | Upgrade to 1.4.4-0635 or above. |
VPN Plus Server for SRM 1.2 | Critical | Upgrade to 1.4.3-0534 or above. |
Mitigation
None
Detail
Acknowledgement
This issue was discovered internally by Synology PSIRT.
Revision
Revision | Date | Description |
---|---|---|
1 | 2022-12-30 | Initial public release. |