Synology VPN Plus Server Vulnerability Let Attackers Execute Arbitrary Code

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


Taiwan-based NAS maker Synology has released an update to address a maximum-severity vulnerability that affects routers configured to run as VPN servers.

This critical vulnerability was detected by Synology’s PSIRT and is tracked as CVE-2022-43931. The company determined that the flaw is in the VPN Plus Server software, and because of its critical severity it received a CVSS3 Base Score of 10.

VPN Plus Server is a virtual private network server that lets an administrator set up a Synology router as a VPN server and allow remote access to Synology router resources.

The vulnerability can be exploited in low-complexity attacks that require no user interaction on the targeted routers.

Flaw Profile

  • CVE ID: CVE-2022-43931
  • Severity: Critical
  • CVSS3 Base Score: 10.0
  • Summary: Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.

Affected Products with the Flaw

The following products are affected:

  • VPN Plus Server for SRM 1.3 (Upgrade to 1.4.4-0635 or above.)
  • VPN Plus Server for SRM 1.2 (Upgrade to 1.4.3-0534 or above.)
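
The fixed build depends on the SRM branch, so a package version that is safe on SRM 1.2 can still be vulnerable on SRM 1.3. The following triage check is an added example, not code from Synology or the original article; the host names, SRM version strings and inventory format are constructed assumptions, and only the two fixed builds come from the list above.

```python
import re

# Fixed VPN Plus Server builds per SRM branch, taken from the list above.
FIXED = {"1.3": "1.4.4-0635", "1.2": "1.4.3-0534"}

_PKG = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")
_SRM = re.compile(r"^(\d+)\.(\d+)")


def parse_version(text):
    """'1.4.4-0635' -> (1, 4, 4, 635); numeric so '0635' is not compared as text."""
    m = _PKG.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(srm_version, vpn_plus_version):
    """Return 'vulnerable', 'patched' or 'unknown' for one router."""
    m = _SRM.match(srm_version.strip())
    fixed = FIXED.get(f"{m.group(1)}.{m.group(2)}") if m else None
    if fixed is None:
        return "unknown"  # SRM branch not listed on the page: check by hand
    try:
        installed = parse_version(vpn_plus_version)
    except ValueError:
        return "unknown"  # unparseable package version: check by hand
    return "vulnerable" if installed < parse_version(fixed) else "patched"


def triage(inventory):
    """Map each host to its status; inventory rows are (host, srm, vpn_plus)."""
    return {host: assess(srm, pkg) for host, srm, pkg in inventory}


# Constructed sample inventory (hypothetical hosts and SRM versions).
INVENTORY = [
    ("rt-hq-01", "1.3.1", "1.4.4-0635"),
    ("rt-hq-02", "1.3.1", "1.4.3-0534"),  # fixed for SRM 1.2, not for 1.3
    ("rt-lab-01", "1.2.5", "1.4.3-0534"),
    ("rt-lab-02", "1.2.5", "1.4.2-0533"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```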

Out-of-bounds write vulnerabilities can lead to a number of severe outcomes, including:

  • Data corruption
  • System crashes
  • Code execution following memory corruption

In a second advisory issued last month, Synology indicated that it had patched multiple security vulnerabilities in Synology Router Manager, which the advisory rated as Critical severity.

Gaurav Baruah and Computest are credited in the SRM advisory for reporting the vulnerabilities. They disclosed them through Trend Micro’s Zero Day Initiative.

During the Pwn2Own Toronto 2022 hacking contest, they demonstrated these two vulnerabilities by exploiting them. The exploit Baruah developed was aimed at the WAN interface of a Synology RT6600ax router and earned him $20,000. In order to gain access to the device’s LAN interface, Computest performed a root-shell attack and was awarded $5,000.

In total, participants who hacked Synology routers and NAS devices at the Pwn2Own contest earned more than $80,000.
