Synology-SA-24:20 DSM (PWN2OWN 2024)
Publish Time: 2024-11-05 15:15:05 UTC+8
Last Updated: 2024-11-14 14:02:10 UTC+8
- Severity
- Critical
- Status
- Ongoing
Abstract
The vulnerability reported in ZDI-CAN-25403 allows remote attackers to execute arbitrary code.
The vulnerability reported in ZDI-CAN-25613 allows remote attackers to read specific files.
The vulnerability reported in ZDI-CAN-25617 allows adjacent man-in-the-middle attacker to write specific files.
Updates of DSM 7.2.1, DSM 7.1 and DSMUC 3.1 will be published within 30 days.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 7.2.2 | Critical | Upgrade to 7.2.2-72806-1 or above. |
| DSM 7.2.1 | Critical | Upgrade to 7.2.1-69057-6 or above. |
| DSM 7.1 | Critical | Ongoing |
| DSMUC 3.1 | Critical | Upgrade to 3.1.4-23079 or above. |
Mitigation
None
Detail
Reserved
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2024-11-05 | Initial public release. |
| 2 | 2024-11-12 | Update for DSM 7.2.1 is now available in Affected Products. |
| 3 | 2024-11-14 | Update for DMSUC 3.1 is now available in Affected Products. |