Synology-SA-24:22 Replication Service (PWN2OWN 2024)
Publish Time: 2024-11-05 15:16:05 UTC+8
Last Updated: 2024-11-21 19:06:18 UTC+8
- Severity
- Critical
- Status
- Resolved
Abstract
A vulnerability allows remote attacker to execute arbitrary commands via a susceptible version of Replication Service.
The vulnerability reported by PWN2OWN 2024 (ZDI-CAN-25607) has been addressed.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSMUC 3.1 | Critical | Upgrade to 3.1.4-23079 or above. |
| Replication Service for DSM 7.2 | Critical | Upgrade to 1.3.0-0423 or above. |
| Replication Service for DSM 7.1 | Critical | Upgrade to 1.2.2-0353 or above. |
| Replication Service for DSM 6.2 | Critical | Upgrade to 1.0.12-0066 or above. |
Mitigation
None
Detail
Reserved
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2024-11-05 | Initial public release. |
| 2 | 2024-11-14 | Update for DSMUC 3.1 is now available in Affected Products. |
| 3 | 2024-11-21 | Added Replication Service for DSM 6.2 to Affected Products. |
| 4 | 2024-11-21 | Update for Replication Service for DSM 6.2 is now available in Affected Products. |