Synology-SA-25:01 DSM (PWN2OWN 2024)

Publish Time: 2025-02-04 18:44:22 UTC+8

Last Updated: 2025-02-04 18:44:22 UTC+8

Severity
Moderate
Status
Ongoing

Abstract

A vulnerability allows man-in-the-middle attackers to hijack the authentication of administrators.

The vulnerability reported by PWN2OWN 2024 (ZDI-CAN-25487) has been addressed.

Affected Products

Product      Severity        Fixed Release Availability
DSM 7.2      Moderate        Upgrade to 7.2.2-72806-3 or above.
DSM 7.1      Moderate        Ongoing
DSMUC 3.1    Not affected    N/A

Mitigation

None

Detail

Reserved

Acknowledgement

Chris Anastasio (@mufinnnnnnn) & Fabius Watson (@FabiusArtrel)

Revision

Revision    Date          Description
1           2025-02-04    Initial public release.