Synology-SA-24:20 DSM (PWN2OWN 2024)

Publish Time: 2024-11-05 15:15:05 UTC+8

Last Updated: 2024-11-12 17:00:31 UTC+8

Severity
Critical
Status
Ongoing

Abstract

The vulnerability reported in ZDI-CAN-25403 allows remote attackers to execute arbitrary code.

The vulnerability reported in ZDI-CAN-25613 allows remote attackers to read specific files.

The vulnerability reported in ZDI-CAN-25617 allows adjacent man-in-the-middle attacker to write specific files.

Updates of DSM 7.2.1, DSM 7.1 and DSMUC 3.1 will be published within 30 days.

Affected Products

Product Severity Fixed Release Availability
DSM 7.2.2 Critical Upgrade to 7.2.2-72806-1 or above.
DSM 7.2.1 Critical Upgrade to 7.2.1-69057-6 or above.
DSM 7.1 Critical Ongoing
DSMUC 3.1 Critical Ongoing

Mitigation

None

Detail

Reserved

Revision

Revision Date Description
1 2024-11-05 Initial public release.
2 2024-11-12 Update for DSM 7.2.1 is now available in Affected Products.