web analytics
Home » Technology » Internet » Synology Releases Security Patch For VPN Plus Servers

Synology Releases Security Patch For VPN Plus Servers

VPN services

The Taiwanese manufacturer Synology has again issued a security warning to customers. This time, users of Synology routers using VPN Plus servers are affected. There is a patch, but little information about the vulnerability.

Synology has therefore discovered a vulnerability classified as critical in the VPN Plus Server for SRM application. Versions VPN Plus Server for SRM 1.3 and VPN Plus Server for SRM 1.2 are affected. Updates are available for both versions that plug the security hole.

Few details about the patch are available

VPN Plus Server for SRM 1.3 users is recommended to update to 1.4.4-0635 or higher. VPN Plus Server users can upgrade to 1.4.3-0534 or later. So far, the company has not revealed much about the vulnerability. It is therefore not yet known whether this vulnerability is actively exploited or not. Either way, users should now act as soon as possible and run the update.

Security Advisory:

“A vulnerability allows remote attackers to execute arbitrary commands through a vulnerable version of Synology VPN Plus Server.” Further details will only be released once the update has already reached the affected users. There is currently no corresponding CVE entry.

Security researcher Kevin Wang reported the vulnerability. Wang discovered a similar vulnerability back in October and reported it to the company.