Synology is rolling out a patch for VPN Plus Server, software that turns a router into a VPN server. The vulnerability it fixes has been assigned the highest severity.
Synology discovered the vulnerability in VPN Plus Server internally and developed a patch as quickly as possible to close it. According to the Taiwanese storage solutions specialist, the patch is urgently needed. CVE-2022-43931 received a CVSS3 score of ten on a scale of ten; the score rates the severity of a vulnerability.
Out of bounds
VPN Plus Server is software that converts routers into VPN servers. An out-of-bounds vulnerability in the program’s remote desktop functionality could allow attackers to run malicious code through the software without requiring special access. The vulnerability is not difficult to exploit and can lead to data loss, memory corruption, and system crashes for the victim.
Synology released a patch on December 30 to close the vulnerability. The advice is therefore to update VPN Plus Server to version 1.4.3-0534 or 1.4.4-0635 as soon as possible.
Synology Router Manager
Just before Christmas, Synology had already discovered some vulnerabilities in the SRM software. These have allowed malicious parties to initiate denial-of-service attacks, among other things. A patch for these vulnerabilities has now also been rolled out.