Security updates: Multiple attacks on Synology NAS and BeeDrive possible
Among other things, Synology has closed several vulnerabilities in the NAS operating system DSM and the backup software BeeDrive.
(Image: Artur Szczybylo/Shutterstock.com)
Synology network storage is vulnerable. Attackers can use vulnerabilities in DSM and the NAS app Surveillance Station to cause damage. The backup solution BeeDrive for Desktop has also been secured against possible attacks. However, not all security patches have been released yet.
Protect NAS devices
CVE numbers and a classification of the threat level of the gaps are still pending. The BSI CERT Bund emergency team classifies the DSM gap as "critical". If attacks are successful, attackers can create DoS states, access sensitive data or acquire higher user rights. It is not yet clear how this could happen.
Videos by heise
There is also no evidence of attacks already in progress. The security updates DSM 7.2.1-69057-2, 7.2.2-72806 and DSMUC 3.1.4-23079 are available to secure NAS systems. The patch for DSM 7.1 is still pending.
Surveillance Station is secured in versions 9.2.2-11575 and 9.2.2-9575. The vulnerability in BeeDrive for Desktop can let malicious code through to PCs. Version 1.3.2-13814 is protected against this.
(des)
