What are you looking for ?
Advertise with us
RAIDON

Synology Three Security Advisories on Resolved Vulnerabilities

Concerning DSM NAS OS, BeeDrive for desktop, and Surveillance Station app

Synology, Inc. had published 3 security advisories on resolved vulnerabilities.

Synology-SA-24:27 DSM

Publish time: 2024-11-27 14:30:49 UTC+8
Last updated: 2024-11-27 14:30:49 UTC+8
Severity: Important
Status: Ongoing

Abstract

  • A vulnerability allow remote attackers to conduct denial-of-service attacks.
  • A vulnerability allow remote attackers to obtain sensitive information.
  • A vulnerability allow remote authenticated users to obtain privileges without consent.

Affected products

Product

Severity

fixed release availability

DSM 7.2.2

Important

Upgrade to 7.2.2-72806 or above

DSM 7.2.1

Important

Upgrade to 7.2.1-69057-2 or above

DSM 7.1

Important

Ongoing

DSMUC 3.1

Important

Upgrade to 3.1.4-23079 or above

Mitigation: None

Detail: Reserved

Acknowledgement

Revision

Revision

Date

Description

1

2024-11-27

Initial public release.

 

Synology-SA-24:26 BeeDrive for desktop

Publish time: 2024-11-26 18:21:36 UTC+8
Last updated: 2024-11-26 18:21:36 UTC+8
Severity: Important
Status: Resolved

Abstract

  • A vulnerability allows local users to execute arbitrary code.
  • A vulnerability allows local users to conduct denial-of-service attacks.

Affected products

Product

Severity

Fixed release availability

BeeDrive for desktop

Important

Upgrade to 1.3.2-13814 or above

Mitigation: None

Detail: Reserved

Acknowledgement

  • Bocheng Xiang with FDU(@crispr)
  • Zhao Runzi (赵润梓)

Revision

Revision

Date

Description

1

2024-11-26

Initial public release

 

Synology-SA-24:25 Surveillance Station

Publish time: 2024-11-26 16:24:00 UTC+8
Last updated: 2024-11-26 16:24:00 UTC+8
Severity: Moderate
Status: Resolved

Abstract

  • Multiple vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML.
  • Multiple vulnerabilities allow remote authenticated users to obtain sensitive information.
  • Multiple vulnerabilities allow remote authenticated users with administrator privileges to read or write specific files.

Affected products

Product

Severity

Fixed release availability

Surveillance Station for DSM 7.2

Moderate

Upgrade to 9.2.2-11575 or above

Surveillance Station for DSM 7.1

Moderate

Upgrade to 9.2.2-11575 or above

Surveillance Station for DSM 6.2

Moderate

Upgrade to 9.2.2-9575 or above

Mitigation: None

Detail: Reserved

Acknowledgement

  • Tim Coen (https://security-consulting.icu/)
  • Zhao Runzi (赵润梓)
  • 李建申(https://lsr00ter.github.io

Revision

Revision

Date

Description

1

2024-11-26

Initial public release

 

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E