Synology issues security advisory for vulnerabilities in Wget that affect all its devices

Posted 03 November 2017 16:56 CET by Jan Willem Aldershoff

NAS device manufacturer Synology issued a security advisory for several vulnerabilities in its software that allow hackers to perform several kinds of attacks. All devices of the company are affected. The culprits are two vulnerabilities in the download software Wget.

Synology’s software makes use of Wget, and through the vulnerabilities an attacker could use a man-in-the-middle attack to execute arbitrary code on the device or cause a denial of service in vulnerable versions of Synology DiskStation Manager (DSM), Synology Router Manager (SRM) and Download Station. In particular, DSM versions 5.2, 6.0 and 6.1 are vulnerable, as are SRM 1.1 and Download Station versions before 3.8.7-3490.

Synology released a patch for Download Station, version 3.8.7-3490, that fixes the vulnerabilities.
