Synology-SA-24:22 Replication Service (PWN2OWN 2024)

Publish Time: 2024-11-05 15:16:05 UTC+8

Last Updated: 2024-11-05 15:16:05 UTC+8

Severity: Critical

Status: Ongoing

Abstract

A vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Replication Service.

The vulnerability reported by PWN2OWN 2024 (ZDI-CAN-25607) has been addressed.

An update for DSMUC 3.1 will be published within 30 days.

Affected Products

Product                            Severity   Fixed Release Availability
DSMUC 3.1                          Critical   Ongoing
Replication Service for DSM 7.2    Critical   Upgrade to 1.3.0-0423 or above.
Replication Service for DSM 7.1    Critical   Upgrade to 1.2.2-0353 or above.

Mitigation

None

Detail

Reserved

Revision

Revision   Date         Description
1          2024-11-05   Initial public release.