Vulnerabilities of Synology DiskStation Manager, Router Manager or VisualStation With Intel or ARM CPU
Security advice for Meltdown and Spectre vulnerabilities
This is a Press Release edited by StorageNewsletter.com on January 17, 2018 at 2:21 pmSynology, Inc. published security advisory Synology-SA-18:01 for Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerabilities on January 4 and continues to work with its processor suppliers to incorporate fixes.
Since the only way for these vulnerabilities to be exploited is through local malicious programs, Synology has rated the severity level to ‘Moderate’.
Meltdown and Spectre vulnerabilities have affected mainstream processing infrastructures on the market, including most PCs, mobile devices, as well as servers. Under the premise that malicious code can be executed locally, potential attackers stand a chance to bypass security measures to access privileged memory and steal sensitive data.
However, since the vulnerabilities were discovered by security researchers, there is no clear indication of any exploitation so far. As of today, Synology has not received any reports of the product being attacked.
The firm suggests the following to protect systems against potential attacks:
• Install and execute only trusted applications on your systems
• Ensure all DiskStation Manager / Synology Router Manager accounts are known and trusted
The NAS company continues to develop mitigations for these issues and will release them in the upcoming updates.