Synology Product Security Advisory

Protecting Security Information

To ensure information security, Synology advises you to encrypt messages to report a vulnerability by sending emails to bounty@synology.com.

1. Obtain PGP

You can obtain PGP tool from OpenPGP. In addition, GnuPG is free and available.

2. Synology Product Security key

RSA

pub rsa4096/DA33F457 2021-05-21 [expires: 2026-05-20] 04EB 45A5 210C 2185 610D  9BD7 38D5 EE36 DA33 F457 uid Synology Security Team <security@synology.com> -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGCnKZkBEADPV9GI9kTovzeck7nIsBOJW6S+cxjRdpbVNMR39LL7YLYJa+5H e0RVi3mMpG+BLxQDfMFgNryOHeBGZnYhy8t2F2b2F/0VJzKdC1d/MJril1KjYvQN WPulN69+z+dP9q75ZsYR3Esb4aa/ufWGlo9ccL82bCMOKlRE3/chl+H9hGAEGKnu 5j8NtJgaiGLme/ZzV+u7EnHm857U8sf9nINiZu5BmgzYPyKINtOb9T9U+jPNI+Ad wvHJVWH60qXj1VJ/KN+K5TNcKcaphNn8kV6HbkFNQ4Ds8e9A67pxQZVC4gLcoqo8 z0nkOQFNMmCn/X5o0igqCjWaDv9t63TV4xzbtaVZS1uvDUgvWziUdkUIJhlJmeqz DA4N6iomOZiAiMfQKj0ESuJBacqvkYd8qhLftpsFCAiQ5LYk/Ts8Tz54aK6fNQpy oRYX+sq1GERcH8ADmbElYaHRoYWgpWeCe7/Fn9Oooch7UTdgSqHvrmM1s9xYNkF/ t38sG6+LSc4x9CwFSD3Jz1RQ0lyumgZr3j9Zhfgy0FrJrazws+tBtHnLxyeYntkJ 9MuEBi0xnSYj0jdX6VOu5jXNu2gs4g+RSfdq2ybOuv1V8AF6y9O7Ka5QTXT0iG5i sx56Hrq6d3k/ouerw19QZR/hz2eBkjG9qhKmNgWb953OcCYS922Jt2GqEwARAQAB tC5TeW5vbG9neSBTZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzeW5vbG9neS5jb20+ iQJSBBMBCAA8FiEEBOtFpSEMIYVhDZvXONXuNtoz9FcFAmCnKZkCGwMFCQlmAYAF CwkIBwIGFQoJCAsCAhYAAh4BAheAAAoJEDjV7jbaM/RXm1UP/1hXgjlrWKk9j9eu vOxqgHsxTZOkKxHnijKPzYOfm0HznXHQbkqYaeBOiKmp/1A9RChDBnmi/ncAVeng n97oJV9pbYbk5vaxhnyWGSROhAgFeoP4iYBC10SkNDBy8GiKUQ6ODqHKlGaUzU+O KHQ86Tz47FBGvm1qKAX8Vq3S3NFdp+rFhibYN2UufW2HcsKsnBtf7m9cuBeB3/q5 I+5sfTnbO/mPvP4GqXatGuxZoTFh6nw+A0kiUyrMTZaF2KqPDNogaqDeFN+bOOEw QrjCBbMzGJ7Y9/CKhoJPtKlUPLexlcb3V/KGB64BZgYqDnP8FDxf8tsJJiEnc4je 3SxXMQYULoGnuOmgBj8zBiGUo90V3nc/Hsy8qxHgTlhs80NnCm0gPlIxGLu/Za74 IDrLsrA/Rumxt5yG1r9q6+VC1G3jZVFEjQHOPDWgCdqZEK6652ks+9Iob0xHYTGL jWLgbuhdvJyRb5VNKTJPcwJns/Ak6Ve+8d0y4U8dz6VC3qrxUzFHrzuiWsw/DvS9 /NHs+osMv0ooLaeWJmuJtbNwIu1ldppcU5HzIrgBk2JG0op+JMKRO2TmuwESy0e0 fibNkYcUow6DNZua8mQerWSr62leIAFybvqayZmLLh1Q0zxuzwjKTr1vAMpKjaMg EVAcOPwDIA4XpsMxfK81LXRhJ3aHuQINBGCnKboBEADEF9Oraqj9ZVmSdj4YGbll BcLItKbh2vIPgMVBbVTbI0EUaEbPieoOQxvfR7idXBvJwIUu7/um5eNtjszw9Jne gPVKts+MqhpR9JuHWjECU/m5GoHLJHre+GIHLMSPYUM36FNx+v7729hW9FwlGiEB MBaHLYWp9L47ACwCWzSCzW4lfbTFy6StvlAj50H0DbRNbkKWOZgQTd2nFVRms/1E Mq3z3cqD4UBr5oJgEvGDWvew0unbCwSjT2AW69N9+UHjW3lRV42pmVCXjJQU6i/9 Bn76qPDzlPBWl9oINR/VAsS/WorxNkyQtsomfglXnT2nzSKGVbiaG2A6S2++DwHT Lr8xq8HyST4F7Or7/IzkpmV04X3l1tN6yrCUN7Y0lTVw/u7EsJtNl0gS2BAAMFJm 8Z2Blq+k1Tak8KX8VJ6mhgkn/cbWUZmw7xlVqeyU9ceVHlvsLThepi10VBc7txPg 8mvexgtrpXr9ysYeTLpj03NMfI55QirzFigNZJsV0QewPpSTk7VM1EaMnVUYz437 b6q5LKPs8zEsDli51K9X5m5XFDNvOR7PSmUeMB3YJIVETYNy1Wvfb6qVp3JKgShX rQiQRdGwweBFH7S1t4q1DICAcg3PzhlZHTW1PBhvol6KYiLrVhBPZDSSgk5eplEW 8HgoWwnUrflDLetkzl99wwARAQABiQI8BBgBCAAmFiEEBOtFpSEMIYVhDZvXONXu Ntoz9FcFAmCnKboCGwwFCQlmAYAACgkQONXuNtoz9FfxFBAAvflCc4Qhs9DH3l28 AkvA5vZDVys2jQ6o1SZJVvqa17caMk9OGDTOZ/6GZ35NQSFzyhnFtYJ8eo2KJ6zy D5CGCddI+8zPYUhjorvA2jMUbMnNaFJ/1TeHOsR4JSP9H5FOQkAxQg6W2QndmRLz NeVtHXtlQNqbO2+vvAgSCu+s3lQkvwyRKOfqDGt+b0Y0PuimcfqlZeiTxRveSzkC Tf7sYbHgbR4iLEAPWM8LNI7ikn/OZ5K8G0KQ6Oe2CN3bSzKL9RLizKPGlv9FuyAF j0lFpCXTO3SZ7l8oti7A9zuJrdNlUJnotMHu4NOsGGvs3bt3QizPLc4gCmH6rhYl yznJZwJKdL2hlij60se20mgV30WKBZNHo4XEHClosTGmHikDl8hGDt29g3JBy2hT mJ7Cz6eu7kYMJZm9l5o77ziH0udxcD79PScRwQuads1a0OAuBloGQBPAPF62fSmU xgupd+V2THyB2oKj27fuYe7OSXmXjjGd6QfgMNspWMMIsXvSQYLuosYPkyNSGhk/ Ccb+FYmzR1L572yfcr2X6Kt58V18AxrjtQRG3dRUuIwd4NyV8wVYHZesWouUy15D Uc1BKtllRIBYmI4pgmnYEeUrrcl4owAYa1IFD5qip/KhoS1Q43Gac3ikSKeQO+26 HWsxjeLp67xtucBWVBhbdzyE3Uw= =NcDS -----END PGP PUBLIC KEY BLOCK-----

Deprecated

pub ed25519/E9FE2B61 2016-07-01 [expires: 2021-06-30] 7A93B308018161BB2C476A5972D43FD6E9FE2B61 uid Synology Security Team <security@synology.com> sub cv25519/E41E349B 2016-07-01 [expires: 2021-06-30] -----BEGIN PGP PUBLIC KEY BLOCK----- mDMEV3Y/OBYJKwYBBAHaRw8BAQdAuriCxCHn5pv5c5YWaqQpwrC57z4ePvRa5EfZ LYy6eXi0LlN5bm9sb2d5IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QHN5bm9sb2d5 LmNvbT6IlgQTFggAPhYhBHqTswgBgWG7LEdqWXLUP9bp/ithBQJXdj84AhsDBQkJ ZgGABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEHLUP9bp/ithtuUA/iKuCY/D 1z76/+Vbe7UT7KrRiNA9kjxNHUpgqqYGOx+AAP46ZjajLp0QzDl/ZF6VYwODtFtA zwa5QS05eiWmTnCICrg4BFd2PzgSCisGAQQBl1UBBQEBB0AaazZz4JCGxDmaL29J oyFrpERp7XGs4sC/pnRGOOZwMwMBCAeIfgQYFggAJhYhBHqTswgBgWG7LEdqWXLU P9bp/ithBQJXdj84AhsMBQkJZgGAAAoJEHLUP9bp/ith39sBAP115/7xTbYWvQ3C oi1dlqp4jBggkFgIaMbMgn8xr+tUAQCAYO5XDnORUlAMRue9rnDl7Xpii6FZ5Zd3 FlFJoTaVCQ== =W2DQ -----END PGP PUBLIC KEY BLOCK----- pub rsa4096/CDCD96DD 2016-07-01 [expires: 2021-06-30] 7187F8E11AC0A1D5EBDB53CA3F036844CDCD96DD uid Synology Security Team <security@synology.com> sub rsa4096/15EB6095 2016-07-01 [expires: 2021-06-30] -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFd2P2sBEACzGbm+AQoI6eyqTl/BZ3vTdbeJiR3V+6wlzKwl2SAx3m3UpQGj ZYLMpFS06DNT6HS2njcnqazGeLM4E4WvTdcGQgSGeJJ9FnX+DEDlXM+7+h6sBPCr rm5RrCV8r+eDybajRKy90eUky/5KDX0WIFZ1BrJHve4x5VqqoGFL+6ecdV36si/Y eWpd8AP9dPJ35ukpVPrdpinlp3GR19wIuxiihcsT+4Ue+2ZQjeDr0pt3xEXWEutP V60m3f+MbuP58qH6qpGqdslrrjdXNnwEpGYLSO6nk6W735v8BJr+E2sOiZ9taVLN kxgdsRV18T+5D8TEaA0zme9wkYVpOj1mPgX/FH5OtRxRdSo+tNCBazIqizrpDeQx 0Chn4Ubnee8kYUCs0E/HgNQGiw2r/WHSr+hfjMn31OMdKC2WOECNJFRfex5P47Xb s8YnKAg9sDOck9gLLlijLr50FBpr0XyjK5vKutKQxlCaQJQBxyyIuFbsMMdOBNrd wuoM0i5Ot8CW4p3xUedv9jR53r/iOF3GUDn8IsYz2gDzYwM1qdPN9NuMT1kuoxWf sWgRd8a0d5hm8ZUWzH0hwDAY2m0rmWGiO2KfDPkkkWCsWGI4xMQHzTRVnZTWImFp pMT8D8Kc8AiVenKPnvWrlSYdqW0T8zOOkNouIEOZokmcX2h2sAsC21/rEwARAQAB tC5TeW5vbG9neSBTZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzeW5vbG9neS5jb20+ iQJUBBMBCAA+FiEEcYf44RrAodXr21PKPwNoRM3Nlt0FAld2P2sCGwMFCQlmAYAF CwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQPwNoRM3Nlt1KEw//etlfaG8DSZ28 ct4x+tG/Zi9oxZhbMHnaF9jtdIc7iqmIcP3xZ14KoUbkpslsnv/1uqmR8pgwFAvR ujFGMPenlKrdyMR9erEdZ+/Q9MC5KsmHJNtLShBfZlAOnGYD0Fu0P8Fq8qf0dirG ckPQnctB2iXweBub6gE6ntvfBNTuslLlLjKGAsmkVfyjRs3+SpS6Ip1Hk8qzNFNL yPpYh+0yVJeiWDwPBylYqhLc8iE+8xzo+ADGZXwzKLF0KPdakrVT2eFWOEOmUoV5 Dh5iMMPEqjRcsGweQjdljnOQBTNYHjIWBDgdWFMvM3LiEWAFRu2TxajwK3EH5tBC ab4NT4waVJ/FuzF721POuVTXgKy4n7IJ6kfMT29uXhGg7s5/pXzfgARe2Vma1TDi boUv57OFKunSg/ULOQheijsnWJM8e8yEgvnU312mRiOjozZJPx6UFVY2q5210BwC lhwwdQt5YoR+pUfnZWz+p9BmXyz2CALj2XiISXaLyjQMzDWmnlPWpWObmZBB+9GQ u7SlfNmW7l3SFAbM7gwVeTgIn7pHwRGOw7CSkWhhrq8QhwNjRPF7mt/wj5z/3ZaV hMNHEFc8gwv94s17e13sh3UB1ASGgOm/h5fJGc0962MtDTPUqEMviaHgK2LP7Yzw p10IsO9C7qge1yTxOqei2mpNySNXcna5Ag0EV3Y/awEQANqiROPe/teJR09ak29e 28T3v5TRphpNGoL9/622ehRszYaeW+thI68PBYF2OoBMezUS8Y6CHyyT2jZKJzhA Mf5aFenySGSQ1ZLnPTlqWlsa6XhQeb1qXwmc4ptm7XnLkCNRwG1dIJ2aO5DcF5dY bvIfZi9fFfp/cSyrxd0Z1nxoTrvGFHDJBoqoDpgSTErXMUdO9hs+1l9KbTNcxQYP Blt44kcDcvGQ9WCB5bGU1mZn3uEkYqWd06FTTnR1kpxHWJVLqd6p/p3RjrMBqTnv 6hwJdt0GG3h3gHhXGGwopXAQjnz25lM3lvLMN+/De5dKo68+P022RnSirX5Kytlj jZMgkWxFwlGV+HFMVUwyyqB3aLehVUSzB8kRz+EJH3EDazCd9lN1TNoZMEBKN+AM ekXstxEMlPH9T8RZz1OGvqRlt+Xv8Bi4iX22AZGqxhbcDR4nZ0mtwB7M9tRoxHZu V+zCakecbgQdZ2HYd/mnlHY2XGybBWdCMqPckt5FLNAjQERWd3BLsV2JMAnyFS4d HKi4/WDD9FNN0wumRckc+ZHhIwdQIJojQGfcSbBT6aKczWrDY37++mEBlBYITim7 QpAoWJX8Z7h4CnOS5vo2WraaHy98KADkfZCCll6j4GOC8Zi6ZlddNDkaRWSH6Png m4Zl9hGc77EB8LYUOLovdB8RABEBAAGJAjwEGAEIACYWIQRxh/jhGsCh1evbU8o/ A2hEzc2W3QUCV3Y/awIbDAUJCWYBgAAKCRA/A2hEzc2W3RWDD/0UK8P1pATl/e0N nzcfKXb0qRdXnaNVsz83Cgxgqr6EveUnunlPqmgPb3ykpDmx5fQRMDcund1Bascw MFIMTLk5aHks/EKNGLJgZ10XkkTGI4z5MxpyaYAs5PVTe51IVVtMR9dpsI6uu+0m vzPF0+13cG+Ofdxy2gkRReiKMC1UvQdLnrvNKc8LC7z4cVqwkxUWBxXKZ8GWaDqQ IUl1vtdBy61n2uJgDSMINKZiejNmeSy+VLiZ0V4MRP7KgQVEFy7cI7f5MIckElD6 Fdidj9fhRIKQ4FKTil6UN1BWiup69z7+zV/c1Te22cdaomZBfpCq+gSIBk0qkUUH JLghyrVWcjc4GNRTETLWMbQWx26376qFgrhcGe9uzvSgKoETMUcUocCEH/Admd8y Ks4m8CsjNlMK+QSCl/I3swOQN5uJIJTvS3fr10eFl2mirkMgNX3E4WyNCpIhwHO0 Ow9npUdxQ8fIKOI+v5Hw/Qjk7UD9krszbsmpE5NhQY0lv6+dVx7PTGsDfM2TS4cX UmDEgjAkzsy3jGjdy97oatVwO5JUaPPrscbSrZ6W4z5ofFrGb/U0VaOprTjdQ4oz 7Ic2e6zL/oE0rqLmybNtTliytHBZjB8RFHs0J7aJwKF3u36s+7VwJSOnMbjMFPl/ iD9uEKQQdcCYN61gFTLgf2vFkql06g== =RAtH -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.11 (GNU/Linux) mQMuBFMjAGoRCACBXLLPzxvTSxAOpfaWD+3Az0MNsE+RRgu4IDK49zRgsvWhqGrV jWxrTo4vgXg7iyxYg2ZNLQkZDN7JKG4qq4iC2SBIvniyxGY0bBGpN8PA4nQ9mew6 CSbAfnMD5uwprqBKb/RKUofdU7BeW9CNc5aw1i3NFw5YGOhBJsjK/dd2kp3RQSYh SKRdYqrOBeQ65OnYxXXbXbaSLfOML+XytQ3YdtX/8kDYuFWcQiAscJunpom8PGw+ 0MIPnGNek6YePxw2vy5Qhv1tJODWpe+NXEWwoNb3GIxiMJ67liQfhY4dtnjhSGOl vUO7HOEYEJvfivkTnoG1bv/s5CPF1Qy9yyn/AQCDINA3gXT/fUteNqaaR3c+TNyX 7DbNh9wA64FCPLveQwf9GraX29JyCI92rJnsK/ewYyzO/OQXHTTThZlci3r6AXLV 7u/kLVx/6CE2v/FVKUfIWRNV2Y4uKV9XikUztHzxxj7rGY+5LXSdDy4ORyOrOCYa sczFh0XZDybJUMRy69F3HVCM4CEKZfglRLMg2U5mzt61nltRJl1c1s8I42fVRv/4 DezLCCMNBkfIXoB4zZA6i27WQ0RSdx5j2Yc56FWT/CdQJJ3J/7HDtXZMVI6w0S8g I0HhpTJeQcjjdGVEQdDCjaLhuBOBVAEuVAn2i8anBF34/6pGCPEraAERd0C3cI9t BnCF5VXaekxlIEUGESCD7j+4zqvbfp41vgQ1+MaE5gf/U38PJNHux5IppJfu7lPM 08G2uDnvsAA+Qm7Yl/YXcFvOTOtLplVNsmF081BiYcJwYS/FIkosuHB2bwEBx7sc GBR5YxICZZMNAZ/1w9sxjQrjcyfTMnbjE8+j4G9LbFSf5tOPxtpg+pRvOpsePWjO 9oJDqMvNDcVmlYLYzga22f89j2CT4iGMDUbq+pBuar4T8YVes+NpOs09WVfOSWov 8zvU1RF2+lcUk3iI4dESo4Mm3Yxrtk1Z29RaRz55fSmXBGpRxWg6gEg2LLXCOYvb NkA8fVIJo8sRwOsOggsd52D1mf02tQfGa1cTilLXEBYVfkpdNo+sD1Rp58uzvbId XLQrU3lub2xvZ3kgKHNlY3VyaXR5KSA8c2VjdXJpdHlAc3lub2xvZ3kuY29tPoiA BBMRCAAoBQJTIwBqAhsDBQkJZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK CRAcK6GTktbjQ3iRAP91Q0w/syONP0TLJaUybiLG54jDC2j994QtJ4bOPwdLiQD/ fqJSOW/EXPYCcNGRQChoQM0ph6EovFkg0szzSgnnzb25Ag0EUyMBRBAIAK1CWyis LgIZQ1DMEkV3oA04JSH7FV3daFVMW3TJ9HHHE2/WG41Q3Kin+9fZ4BwH0BAzLDpA ruh4KvOPQWMmVyoerjiZjN0q5gNnBpfORgjAvsvd4KX0Be+KGPr7dEsvt5vjkScG 6f+Pe4Ge8VtUni4YXf3YI13jMzeL7Mp3GPsBGx/ZW7hxamNEfmC1/eMTrTwDzw2w IayLfchyA27xXg0YyhAck6FQy1ttQSDmtu/4tFgt9kk07VKKItDeKZeNffbiEHGc 3IerzJgCcm3Z1qgWpvYHL5FkAZlP0CixZpjgzvqs1txbnPBiF0Ac3ryf3By+BIRA mmLPCSr58r9WT2sAAwUH/RY8agPtTdqTdKyuwgqOUq5mvcC4IV9JwBPuLGKCg4Tn NC0I0pXLkoKxhzdCPwc8OP3J2f++HXS43j/SLAeJ+ZmvgU1y1jjl9BDd2J2U3iA8 lrm4cTuRzxMB3sotwvL58rnknVs+v4fWC6vniOgzaQq/GRRv/ECGoiK7dAUl6E2t 5mMm3zxPn1L2a9PbLIAu6haVxjY8ThegoW0JxsrB64uGhGqAPYQ0mRKHwAadXE62 nkaKoJ+Aosn3rSQulnhZzYSJh6MPo0RtHCQ3C2PwaiQyRGhBCYnfq1pGYSm1zzLV VyX/48GIedfIBJ3O9l1MuuzyMRtJP/iu7IuNd6BYapKIZwQYEQgADwUCUyMBRAIb DAUJCWYBgAAKCRAcK6GTktbjQ/7ZAP9whG0sjiIoC1osoeJiLgt21NsqCdBqWjKN vPM5EAgPJgD+MxxPrXLSC5yChDRugTp4bT264SEKIwx7Pt95F6pYZ94= =UHcA -----END PGP PUBLIC KEY BLOCK-----