Tag: CriticalRCEVulnerability

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
Risk, Security

Synology has published security patches for a severe vulnerability in VPN Plus Server that might be used to hijack impacted devices. The vulnerability, identified as CVE-2022-43931, has a maximum severity score of 10 on the CVSS scale and is defined as an out-of-bounds write flaw in Synology VPN Plus Server's remote desktop feature. The Taiwanese company said that successful exploitation of the flaw "allows remote attackers to execute arbitrary commands via undefined routes," adding that its Product Security Incident Response Team (PSIRT) had detected it internally. Users of VPN Plus Server for Synology Router Manager (SRM) 1.2 and SRM 1.3 are advised to update to versions 1.4.3-0534 and 1.4.4-0635, respectively.