DSM 4.0-2259

Publish Time: 2013-11-14 00:00:00 UTC+8

Last Updated: UTC+8



After installing DSM 4.0-2259, the updating process will repair the system and remove malware caused by the vulnerability:

  • A vulnerability to allow unauthorized access via DSM from HTTP. (CVE-2013-6955)

Common Symptoms

The followings are common symptoms to appear on affected DiskStation and RackStation:

  • Exceptionally high CPU usage detected in Resource Monitor:
    CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names
  • Appearance of non-Synology folder:
    An automatically created shared folder with the name “startup”, or a non-Synology folder appearing under the path of “/root/PWNED”
  • Redirection of the Web Station:
    “Index.php” is redirected to an unexpected page
  • Appearance of non-Synology CGI program:
    When you login to terminal via SSH or telnet, files with meaningless names exist under the path of “/usr/syno/synoman”
  • Appearance of non-Synology script file:
    When you login to terminal via SSH or telnet, Non-Synology script files, such as “S99p.sh”, appear under the path of “/usr/syno/etc/rc.d”


If you find any of above situation, please reinstall DSM 4.0-2259 or later by following the instruction here.

For others who haven't encountered above symptoms, it is recommended to go to DSM > Control Panel > DSM Update page, install the latest updates to protect DiskStation from malicious attacks.