Synology-SA-18:64 DSM

Publish Time: 2018-12-26 14:06:16 UTC+8

Last Updated: 2019-01-04 17:50:46 UTC+8

Severity
Critical
Status
Resolved

Abstract

A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM).

Affected Products

Product Severity Fixed Release Availability
DSM 6.2 Critical Upgrade to 6.2.1-23824-4 or above.
DSM 6.1 Critical Upgrade to 6.1.7-15284-3 or above.
DSM 5.2 Critical Upgrade to 5.2-5967-9 or above.
SkyNAS[1] Critical Please manually download and install version 6.1.7-15284-3.
VS960HD Not affected N/A

[1] Perform Manual DSM Update

Mitigation

None

Detail

Reserved

Acknowledgement

Uriya Yavnieli from VDOO (https://vdoo.com)

Revision

Revision Date Description
1 2018-12-26 Initial public release.
2 2019-01-02 Update for DSM 6.1 and DSM 5.2 are now available in Affected Products.
3 2019-01-04 Update for SkyNAS is now available in Affected Products.