Synology-SA-24:20 DSM (PWN2OWN 2024)
Publish Time: 2024-11-05 15:15:05 UTC+8
Last Updated: 2024-12-05 17:54:12 UTC+8
Severity: Critical
Status: Resolved
Abstract
The vulnerability reported in ZDI-CAN-25403 allows remote attackers to execute arbitrary code.
The vulnerability reported in ZDI-CAN-25613 allows remote attackers to read specific files.
The vulnerability reported in ZDI-CAN-25617 allows adjacent man-in-the-middle attackers to write specific files.
Updates of DSM 7.2.1, DSM 7.1 and DSMUC 3.1 will be published within 30 days.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
DSM 7.2.2 | Critical | Upgrade to 7.2.2-72806-1 or above. |
DSM 7.2.1 | Critical | Upgrade to 7.2.1-69057-6 or above. |
DSM 7.1 | Critical | Upgrade to 7.1.1-42962-7 or above. |
DSM 6.2 | Critical | Upgrade to 6.2.4-25556-8 or above. |
DSMUC 3.1 | Critical | Upgrade to 3.1.4-23079 or above. |
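
To apply the table above to a device inventory, the following check compares an installed version against the fixed release for its branch. It is an added example, not Synology code; it assumes versions are recorded in the same major.minor[.micro]-build[-update] form the table uses, and the host names and versions in the sample inventory are constructed.

```python
import re

# (product, branch) -> fixed release, copied from the Affected Products table.
FIXED = {
    ("DSM", (7, 2, 2)): "7.2.2-72806-1",
    ("DSM", (7, 2, 1)): "7.2.1-69057-6",
    ("DSM", (7, 1)): "7.1.1-42962-7",
    ("DSM", (6, 2)): "6.2.4-25556-8",
    ("DSMUC", (3, 1)): "3.1.4-23079",
}

# Assumed string form: major.minor[.micro]-build[-update]
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?-(\d+)(?:-(\d+))?$")


def parse(version):
    """Return (major, minor, micro, build, update); missing parts count as 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def check(product, version):
    """Return (status, fixed_release) for one installed version.

    status is "fixed", "upgrade", or "not-listed" (branch absent from the table).
    """
    installed = parse(version)
    # Try the most specific branch first (7.2.1 before any shorter prefix).
    rows = sorted(FIXED.items(), key=lambda kv: -len(kv[0][1]))
    for (prod, branch), fixed in rows:
        if prod == product and installed[:len(branch)] == branch:
            status = "fixed" if installed >= parse(fixed) else "upgrade"
            return status, fixed
    return "not-listed", None


if __name__ == "__main__":
    # Constructed sample inventory: (host, product, installed version)
    inventory = [
        ("nas-01", "DSM", "7.2.2-72806"),
        ("nas-02", "DSM", "7.2.1-69057-6"),
        ("nas-03", "DSM", "7.1-42661-4"),
        ("nas-04", "DSMUC", "3.1.4-23079"),
        ("nas-05", "DSM", "7.2-64570-1"),
    ]
    for host, product, version in inventory:
        status, fixed = check(product, version)
        print(f"{host}\t{product} {version}\t{status}\t{fixed or '-'}")
```

A "not-listed" result means the branch has no row in this advisory's table and needs a separate look; it does not mean the device is unaffected.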
Mitigation
None
Detail
Reserved
Revision
Revision | Date | Description |
---|---|---|
1 | 2024-11-05 | Initial public release. |
2 | 2024-11-12 | Update for DSM 7.2.1 is now available in Affected Products. |
3 | 2024-11-14 | Update for DSMUC 3.1 is now available in Affected Products. |
4 | 2024-11-26 | Update for DSM 7.1 is now available in Affected Products. |
5 | 2024-12-05 | Added DSM 6.2 to Affected Products. |
6 | 2024-12-05 | Update for DSM 6.2 is now available in Affected Products. |