NAS device manufacturer Synology issued a security advisory for several vulnerabilities in its software that allow hackers to perform several kinds of attacks. All devices of the company are affected. The culprits are two vulnerabilities in the download software Wget.
Synology’s software makes use of Wget. Through these vulnerabilities, an attacker could use a man-in-the-middle attack to execute arbitrary code on the device or cause a denial of service in vulnerable versions of Synology DiskStation Manager (DSM), Synology Router Manager (SRM) and Download Station. DSM versions 5.2, 6.0 and 6.1 in particular are vulnerable, as are SRM 1.1 and Download Station versions before 3.8.7-3490.
Synology released a patch for Download Station 3.8.7-3490 that fixes the vulnerabilities.