Synology-SA-21:29 Samba Security Advisory
Concerning vulnerabilities that allow remote authenticated users and man-in-the-middle attackers to obtain sensitive information and bypass security constraints via a susceptible version of DSM NAS OS, Synology Router Manager and SMB service, or Synology Directory Server
This is a Press Release edited by StorageNewsletter.com on November 23, 2021 at 2:01 pm
Synology, Inc. has published a security advisory concerning vulnerabilities that allow remote authenticated users and man-in-the-middle attackers to obtain sensitive information and bypass security constraints via a susceptible version of DSM NAS OS, Synology Router Manager and SMB service.
Publish time: 2021-11-17 16:39:06 UTC+8
Last updated: 2021-11-17 16:39:06 UTC+8
Severity: Important
Status: Ongoing
Abstract
CVE-2016-2124 and CVE-2020-25717 allow remote authenticated users and man-in-the-middle attackers to obtain sensitive information and bypass security constraints via a susceptible version of Synology DiskStation Manager (DSM) NAS OS, Synology Router Manager (SRM) and SMB Service.
CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738 and CVE-2021-23192 allow remote authenticated users and man-in-the-middle attackers to bypass security constraints and conduct denial-of-service attacks via a susceptible version of Synology Directory Server.
Affected products:
Mitigation: None
Detail: Reserved
Reference:
Revision: