Synology has now released an update for the DiskStation Manager (DSM) 6.2 firmware. It fixes security flaws revealed at the Pwn2own security conference in Toronto last December. For DSM 7.1 and 7.0 as well as the router operating systems SRM 1.3 and 1.2, updates that close the holes have been available for half a year.
At that time, Synology did not disclose any details about the security gaps; the manufacturer only provided that information last week. In the current version of the security advisory on Synology’s Pwn2own vulnerabilities, more detailed information is still missing.
Synology NAS and Routers: Critical and High-Risk Vulnerabilities
The newly available details explain the vulnerabilities that are fixed with the updated SRM firmware versions. Due to insufficient filtering of passed parameters in CGI components, attackers can abuse an “OS command injection” vulnerability to execute arbitrary commands and their own code (CVE-2023-32956, CVSS 9.8, risk “critical”). A comparable vulnerability affects the DHCP client function of the devices (CVE-2023-32955, CVSS 8.1, high). Another vulnerability in the CGI scripts allows attackers from the network to read arbitrary data (CVE-2022-43932, CVSS 7.5, high).
A potential buffer overflow in the CGI components, caused by an integer overflow or underflow, also allows remote attackers to execute injected code, but is rated less severe (CVE-2023-0077, CVSS 6.5, medium). In the absence of more detailed information in the security advisory on the Pwn2own vulnerabilities, it is not possible to say with certainty which of the vulnerabilities are closed by the update that is now also available for DSM 6.2.
However, names appear in Synology’s acknowledgments that point to a vulnerability that attackers can use to inject malicious code onto the devices from the network. IT researchers from Sonar demonstrated it, and before them Gaurav Baruah. That name appears in the context of the Zero Day Initiative (ZDI), the organizers of the Pwn2own security conference. The first updated operating systems that closed these gaps were SRM 1.2.5-8227-6 as well as 1.3-9346-3 and newer.
According to the now updated Pwn2own security report, they were the first to be equipped with the versions mentioned. The update for DSM 7.0 to 7.0.1-42218-6 and newer followed in January. The note does not say when 7.1.1-42962-3 and newer became available. However, users of Synology devices with DSM 6.2 should quickly update to 6.2.4-25556-7 or newer to close the gaps.
(dmk)
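The fixed releases named above, turned into an inventory check. This is an added example, not code from Synology or from the article. The host names and installed releases in the sample are constructed, and the comparison assumes that within a branch the build number, and then the update number, only ever increase.

```python
import re

# Minimum fixed releases exactly as named in the article, per product branch.
FIXED = {
    ("SRM", "1.2"): "1.2.5-8227-6",
    ("SRM", "1.3"): "1.3-9346-3",
    ("DSM", "6.2"): "6.2.4-25556-7",
    ("DSM", "7.0"): "7.0.1-42218-6",
    ("DSM", "7.1"): "7.1.1-42962-3",
}

# Release strings have the shape MAJOR.MINOR[.PATCH]-BUILD[-UPDATE].
_RELEASE = re.compile(r"(\d+)\.(\d+)(?:\.\d+)?-(\d+)(?:-(\d+))?")

def parse_release(text):
    """Return (branch, (build, update)); a missing update counts as 0."""
    m = _RELEASE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, build, update = m.groups()
    return f"{major}.{minor}", (int(build), int(update or 0))

def status(product, release):
    """Classify one device as 'ok', 'needs-update' or 'unlisted'."""
    branch, installed = parse_release(release)
    fixed = FIXED.get((product.upper(), branch))
    if fixed is None:
        return "unlisted"  # the article names no fixed release for this branch
    # Assumption: (build, update) is monotonic within a branch, so the
    # optional PATCH field is ignored when comparing.
    return "ok" if installed >= parse_release(fixed)[1] else "needs-update"

def audit(inventory):
    """Return (host, state) for every device that is not confirmed 'ok'."""
    results = ((host, status(product, release))
               for host, product, release in inventory)
    return [(host, state) for host, state in results if state != "ok"]

# Constructed inventory: host names and installed releases are made up.
SAMPLE_INVENTORY = [
    ("nas-backup", "DSM", "6.2.4-25556-6"),
    ("nas-media", "DSM", "7.1.1-42962-3"),
    ("rt-branch", "SRM", "1.3.1-9346-2"),
    ("rt-lab", "SRM", "1.2.5-8227-6"),
    ("nas-new", "DSM", "7.2-64570-1"),
]

if __name__ == "__main__":
    for host, state in audit(SAMPLE_INVENTORY):
        print(f"{host}: {state}")
```

Devices on a branch the article does not mention are reported as `unlisted` rather than assumed safe, so they can be checked against the vendor advisory by hand.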