Synology-SA-20:26 DSM

Publish Time: 2020-11-26 11:52:20 UTC+8

Last Updated: 2021-02-23 01:28:40 UTC+8

Severity: Critical

Status: Pending

Abstract

Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of DiskStation Manager (DSM).

Affected Products

Product       Severity     Fixed Release Availability
DSM 6.2       Important    Upgrade to 6.2.3-25426-3 or above.
DSM UC 3.0    Critical     Pending
SkyNAS        Critical     Pending
VS960HD       Critical     Pending

Mitigation

None

Detail

Reserved

Acknowledgement

  • Justin Taft (@oneupsecurity) working with Trend Micro’s Zero Day Initiative

  • Claudio Bozzato of Cisco Talos

  • DEVCORE

Revision

Revision    Date          Description
1           2020-11-26    Initial public release.
2           2021-02-02    Update the Acknowledgement
3           2021-02-03    Update the Acknowledgement