New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager

By Newsroom

A medium-severity flaw has been discovered in Synology's DiskStation Manager (DSM) that could be exploited to decipher an administrator's password and remotely hijack the account. "Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account,"

Related tags
October 18^th 2023 at 06:48

The Hacker News
Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
January 4^th 2023 at 04:28

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers

By Ravie Lakshmanan

Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server. Successful exploitation of the

Related tags
January 4^th 2023 at 04:28