Synology

Synology's network-attached storage (NAS) devices are affected by a critical zero-click vulnerability in the widely used Synology Photos application on BeeStation and DiskStation systems. If exploited, the flaw could give attackers unauthorized root access to the devices, enabling them to steal personal and corporate files, plant backdoors, or deploy ransomware, severely impeding user access to stored data. The flaw was discovered during the Pwn2Own contest and exposes potentially millions of internet-connected Synology NAS devices to significant risk. Although the issue has been reported to Synology, the widespread use of its storage solutions and the severity of the potential data breaches present a concerning scenario for both individual and corporate users.

Source: https://www.wired.com/story/synology-zero-click-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/synology

"id": "syn000110224",
"linkid": "synology",
"type": "Vulnerability",
"date": "11/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Synology',
                        'type': 'Company'}],
 'attack_vector': 'Network-Attached Storage (NAS) Devices',
 'data_breach': {'type_of_data_compromised': ['personal files',
                                              'corporate files']},
 'description': "Synology's network-attached storage (NAS) devices, "
                'specifically the widely used SynologyPhotos application on '
                'BeeStation and DiskStation systems, suffer from a critical '
                'zero-click vulnerability. If exploited, attackers could gain '
                'unauthorized root access to the devices, enabling them to '
                'steal personal and corporate files, plant backdoors, or '
                'deploy ransomware, severely impeding user access to stored '
                'data. The flaw was discovered during the Pwn2Own contest and '
                'exposes potentially millions of internet-connected Synology '
                'NAS devices to significant risk. Although the issue has been '
                'reported to Synology, the widespread use of their storage '
                'solutions and the severity of the potential data breaches '
                'present a concerning scenario for both individual and '
                'corporate users.',
 'impact': {'data_compromised': ['personal files', 'corporate files'],
            'systems_affected': ['Synology NAS devices']},
 'title': 'Synology NAS Zero-Click Vulnerability',
 'type': 'Zero-Click Vulnerability',
 'vulnerability_exploited': 'SynologyPhotos application on BeeStation and '
                            'DiskStation systems'}