Synology-SA-23:04 VPN Plus Server
Publish Time: 2023-05-04 15:09:58 UTC+8
Last Updated: 2023-12-04 12:58:21 UTC+8
- Severity
- Moderate
- Status
- Accepted
Abstract
A vulnerability allows remote attackers to inject SQL commands via a susceptible version of Synology VPN Plus Server.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| VPN Plus Server for SRM 1.3 | Moderate | Upgrade to 1.4.6-0685 or above. |
| VPN Plus Server for SRM 1.2 | Moderate | Will not fix |
Mitigation
None
Detail
Reserved
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2023-05-04 | Initial public release. |