Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Synology Virtual Private Network (VPN) Plus Servers
Alerts

Critical Vulnerability in Synology Virtual Private Network (VPN) Plus Servers

4 January 2023

Synology has released security patches to address a critical out-of-bounds write vulnerability (CVE-2022-43931). The vulnerability is found in Remote Desktop Functionality in Synology VPN Plus Server versions before 1.4.3-0534 and 1.4.4-0635 and has a Common Vulnerability Scoring System (CVSSv3) score of 10 out of 10.

Successful exploitation of the vulnerability could allow remote attackers to execute arbitrary commands.

Users are advised to upgrade to the following versions immediately:

  • 1.4.3-0534 or above for VPN Plus Server for SRM 1.2

  • 1.4.4-0635 or above for VPN Plus Server for SRM 1.3

More information is available here:

https://www.synology.com/en-us/security/advisory/Synology_SA_22_26

https://www.bleepingcomputer.com/news/security/synology-fixes-maximum-severity-vulnerability-in-vpn-routers/

Back to top