Synology Archives - Security Affairs

Pierluigi Paganini November 06, 2024

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

Synology addressed a critical vulnerability in DiskStation and BeePhotos NAS devices that could lead to remote code execution. Taiwanese vendor Synology has addressed a critical security vulnerability, tracked as CVE-2024-10443, that impacts DiskStation and BeePhotos. An attacker can exploit the flaw without any user interaction and successful exploitation of this flaw could lead to remote […]

Pierluigi Paganini October 18, 2023

A flaw in Synology DiskStation Manager allows admin account takeover

A vulnerability in Synology DiskStation Manager (DSM) could be exploited to decipher an administrator’s password. Researchers from Claroty’s Team82 discovered a vulnerability, tracked as CVE-2023-2729 (CVSS score 5.9), in Synology DiskStation Manager (DSM). Team82 discovered the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system running on the NAS […]

Pierluigi Paganini January 03, 2023

Synology fixes multiple critical vulnerabilities in its routers

Synology fixed several critical flaws in its routers, including flaws likely demonstrated at the Pwn2Own 2022 hacking contest. Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most severe vulnerability addressed by the company, which is a critical out-of-bounds write issue, tracked as CVE-2022-43931 (CVSS3 Base Score10). […]

Pierluigi Paganini May 01, 2022

Synology and QNAP warn of critical Netatalk flaws in some of their products

Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities. Synology has warned customers that multiple critical Netatalk vulnerabilities affect some of its network-attached storage (NAS) devices. Netatalk is a free, open-source implementation of the Apple Filing Protocol that allows Unix-like operating systems to serve as a file server for macOS computers. QNAP NAS devices support the AFP protocol to […]

Pierluigi Paganini August 29, 2021

Some Synology products impacted by recently disclosed OpenSSL flaws

Taiwan vendor Synology announced that recently disclosed vulnerabilities (CVE-2021-3711 and CVE-2021-3712) in the OpenSSL impact some of its products. Taiwanese company Synology revealed that the recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities (CVE-2021-3711 and CVE-2021-3712) impact some of its products. “Multiple vulnerabilities allow remote attackers to conduct denial-of-service attack or possibly execute arbitrary code via […]

Pierluigi Paganini August 10, 2021

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

A new variant of the eCh0raix ransomware is able to target Network-Attached Storage (NAS) devices from both QNAP and Synology vendors. A newly variant of the eCh0raix ransomware is able to infect Network-Attached Storage (NAS) devices from Taiwanese vendors QNAP and Synology. The eCh0raix ransomware has been active since at least 2019, when eExperts from security firms […]

Pierluigi Paganini August 09, 2021

StealthWorker botnet targets Synology NAS devices to drop ransomware

Taiwanese vendor Synology has warned customers that the StealthWorker botnet is targeting their NAS devices to deliver ransomware. Taiwan-based vendor Synology has warned customers that the StealthWorker botnet is conducting brute-force attacks in an attempt to implant ransomware. Once compromised the device, threat actors employed it in a botnet used in attacks aimed at Linux […]

Synology

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

A flaw in Synology DiskStation Manager allows admin account takeover

Synology fixes multiple critical vulnerabilities in its routers

Synology and QNAP warn of critical Netatalk flaws in some of their products

Some Synology products impacted by recently disclosed OpenSSL flaws

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

StealthWorker botnet targets Synology NAS devices to drop ransomware

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

CISA released Thorium platform to support malware and forensic analysis

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

Dahua Camera flaws allow remote hacking. Update firmware now

Researchers released a decryptor for the FunkSec ransomware

Apple fixed a zero-day exploited in attacks against Google Chrome users

QUICK LINKS

Synology

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!