The Hacker News

New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager

A medium-severity flaw has been discovered in Synology's DiskStation Manager (DSM) that could be exploited to decipher an administrator's password and remotely hijack the account. "Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account,"

The Hacker News

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers

Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server. Successful exploitation of the