A critical zero-click vulnerability affects Synology's network-attached storage (NAS) devices, specifically the widely used Synology Photos application on BeeStation and DiskStation systems. If exploited, it could give attackers unauthorized root access to the devices, enabling them to steal personal and corporate files, plant backdoors, or deploy ransomware, severely impeding user access to stored data. The flaw was discovered during the Pwn2Own contest and exposes potentially millions of internet-connected Synology NAS devices to significant risk. Although the issue has been reported to Synology, the widespread use of its storage solutions and the severity of the potential data breaches present a concerning scenario for both individual and corporate users.
"id": "syn000110224",
"linkid": "synology",
"type": "Vulnerability",
"date": "11/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"