Various vulnerabilities affect Synology NAS
Synology has disclosed that these are OpenSSL vulnerabilities: recently discovered bugs that affect some NAS server models. Specifically, the company says they allow remote attackers to carry out a denial-of-service attack or execute arbitrary code through a susceptible version of Synology DiskStation Manager.
The vulnerabilities have been registered as CVE-2021-3711 and CVE-2021-3712. These security flaws affect different Synology devices such as DSM 7.0, DSM 6.2, DSM UC, SkyNAS, VS960HD, SRM 1.2, VPN Plus Server, and VPN Server.
Vulnerability CVE-2021-3711 is a buffer overflow in the SM2 cryptographic algorithm. This often leads to device crashes, but it also allows an attacker to execute arbitrary code and take control of the device.
The other vulnerability, registered as CVE-2021-3712, also causes a buffer overflow, but this time during ASN.1 string processing. This flaw can be exploited and lead to application crashes, DDoS attacks, or even access to content in private memory and thus the theft of passwords and other data.
Security patches to correct the problem
At the time of writing, Synology is working to release security patches as soon as possible. These updates will correct these vulnerabilities and prevent the devices we have mentioned from being exploited by an attacker.
Synology is also currently working on security updates for different vulnerabilities that affect DiskStation Manager and that endanger various devices like DSM 7.0, DSM 6.2, DSM UC, SkyNAS and VS960HD.
These security flaws also allow a remote attacker to execute arbitrary code through a vulnerable version of DiskStation Manager.
All of this shows once again the importance of having all the security patches in place. Whenever a new update appears, it must be installed immediately. It does not matter if it is an application, a new version of the mobile or computer operating system, or anything related to NAS systems, as in the case discussed in this article. Here the vulnerabilities affect Synology NAS, but the same thing can happen with any model.
It is essential to preserve the security of a NAS server. We can follow certain tips that keep intruders out and keep our computers from being put at risk, but the essential measure will always be to have the latest versions and patches installed.