Synology NAS Vulnerabilities

I'm sure this is available via other sources, but we just read a critical review of remotely exploitable vulnerabilities in Synology’s DiskStation Manager, posted by Symantec Matt at Spiceworks. Bottom line: if you have a Synology DiskStation that is not firewalled from the internet, multiple significant vulnerabilities have been published, some of which do not appear to have been patched yet...

>

**** **** **** ******** **** ********:

*** ********* ******

**** ******** *****,

********® ********* ***** ******** ****** (******** ** ***-****-**** *** ***-****-****) which ***** ***** ********** ** **** ****** ********* ** ***. An ******* *** ******* ********* ***** ****** *** **** ******** accordingly.

*** ********** *** ******** ******** ** ****** ** ******** *********** and ***********:

************* **** *** ***** ******** ** ******** *******: *** ******** occupied ** ********* **** ** ****.***, ******, *******, *****, ******, PWNEDg, ******, ** *** ********* **** ***** ** ***** *****
********** ** ***-******** ******: ** ************* ******* ****** ****** **** the **** “*******”, ** * ***-******** ****** ********* ***** *** path ** “/****/*****”
*********** ** *** *** *******: “*****.***” ** ********** ** ** unexpected ****
********** ** ***-******** *** *******: ***** **** *********** ***** ***** under *** **** ** “/***/****/*******”
********** ** ***-******** ****** ****: ***-******** ****** *****, **** ** “S99p.sh”, ****** ***** *** **** ** “/***/****/***/**.*”
** ***** ******** *** ** ***** *********, **** *** ******** encouraged ** ** *** *********:

*** *********** ** *********** ******* ** *** *.*, ****** ****** the *********** **** ** ********* *** *.*-****.
*** *********** ** *********** ******* ** *** *.*, **’* *********** to ********* *** *.*-**** ** ****** **** ******** ******** ******.
*** *********** ** *********** ******* ** *** *.* ** *** 4.2, **’* *********** ** ********* *** *.*-**** ** ****** **** Synology ******** ******.
*** ***** ***** *** *****’* *********** ***** ********, ** ** recommended ** ** ** *** > ******* ***** > *** Update ****, ****** ** ******** ***** ** ******* *********** **** malicious *******.

******** *** ***** ********* ******* ** *** ************* ** *** point ** *********** ********* *******. ** ************* ** ********** *** increasingly ************* ******* *******, ******** ********* ** ******* ********* ********** threats *** ********* ** ********* *** **** ******** ********* *** users. ** ***** ***** ****** ***** *********** ******** ************ ***** being ******** ** *** ****** *** *******, ****** ******* ********@********.***.

*********, ******** *********** ****

***** ****** ******** *** ********** ** ****** ******** ********-****** ** infrastructure ******** ********** **** *** ************ (** ******* ***** ***** of *******) *** **** ** **** ******** ******* **** *** latest *******.


"*****, ******, ******, ******, ** *** ********* **** ***** ** their *****"

**** ***** ** * **** *** *** ** * *******...

***** ** *** ** *** ****** ** ** **********, * less *********** **** ***** **** **** * ****** ******.

* **** ****** ******* ***** ******* *************** **** ***/*** ***** - ********* **** **** ** *******. *** ****** ***** ** other ****** ********* **** **** **** ***** *************?