Synology owners should make sure to keep their system software up to date. Once again, three serious security vulnerabilities threaten older system versions.

Mostly older devices that do not run current DSM software or packages are affected. Synology draws attention to these documented vulnerabilities:

  • CVE-2019-9494 and CVE-2019-9496 allow remote attackers to obtain sensitive information or conduct denial-of-service attacks via a susceptible version of Synology Router Manager (SRM).
  • CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, and CVE-2019-9499 allow remote attackers to obtain sensitive information via a susceptible version of RADIUS Server.

Affected Products

| Product | Severity | Fixed Release Availability |
|---|---|---|
| SRM 1.2[1] | Moderate | Ongoing |
| RADIUS Server 3.0 | Low | Ongoing |
| RADIUS Server 2.2 | Not affected | N/A |
| DSM 6.2 | Not affected | N/A |
| DSM 6.1 | Not affected | N/A |
| DSM 5.2 | Not affected | N/A |
| SkyNAS | Not affected | N/A |
| VS960HD | Not affected | N/A |

[1] RT2600ac, MR2200ac

Mitigation

For SRM 1.2.1 or above, please download the patch below:
RT2600ac (sha256sum: 59aaacf519d605e9aa4a6b1215102674b60d2adfaa3d079bd8b16937c30a92c1)
MR2200ac (sha256sum: 43ae9853d619797381a28c512f29b4d0e8e4d05feb5557448f140e8a62c22349)
and follow this help article to perform manual update.
For SRM 1.2.0, please upgrade to SRM 1.2.1 or above first, and perform manual update.
For RADIUS Server, please contact Synology technical support via https://account.synology.com/support.
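
The following is an added example, not part of the Synology advisory or of the original post: a way to check a downloaded SRM patch against the SHA-256 values listed above before starting the manual update. The function names and the patch file path are assumptions; the digests are copied from the list above.

```shell
#!/bin/sh
# Added example: verify a downloaded SRM patch against the SHA-256 values
# published in the advisory before installing it via manual update.

# Expected digest per router model (values copied from the advisory text).
expected_sha256() {
    case "$1" in
        RT2600ac) echo 59aaacf519d605e9aa4a6b1215102674b60d2adfaa3d079bd8b16937c30a92c1 ;;
        MR2200ac) echo 43ae9853d619797381a28c512f29b4d0e8e4d05feb5557448f140e8a62c22349 ;;
        *) return 1 ;;   # unknown model: no digest to compare against
    esac
}

# Print the lowercase hex SHA-256 of a file (sha256sum, or shasum as fallback).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# check_digest FILE EXPECTED_HEX -> 0 on match, 1 on mismatch, 2 on bad input.
check_digest() {
    [ -f "$1" ] && [ -s "$1" ] || return 2      # missing or empty download
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    [ "${#want}" -eq 64 ] || return 2            # truncated or padded digest
    case "$want" in *[!0-9a-f]*) return 2 ;; esac # not a hex string
    got=$(file_sha256 "$1") || return 2
    [ "$got" = "$want" ]
}

# verify_patch MODEL FILE -> 0 only if FILE matches the published digest.
verify_patch() {
    want_for_model=$(expected_sha256 "$1") || { echo "unknown model: $1" >&2; return 2; }
    if check_digest "$2" "$want_for_model"; then
        echo "OK: $2 matches the published digest for $1"
    else
        echo "MISMATCH: do not install $2" >&2
        return 1
    fi
}

# Usage (hypothetical file name): sh verify_patch.sh RT2600ac ./downloaded-patch.pat
if [ "$#" -eq 2 ]; then verify_patch "$1" "$2"; fi
```

A mismatch usually means an incomplete download or a file for the other router model; download the patch again rather than installing it.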

Detail

Reserved