At Aegix Cybersecurity, we prioritize the security of your digital assets. Recently, Synology, a leading provider of network-attached storage (NAS) devices, disclosed a critical zero-click vulnerability affecting millions of its NAS products, specifically the DiskStation and BeePhotos applications. This flaw, tracked as CVE-2024-10443 and named RISK:STATION by security researchers at Midnight Blue, poses a significant threat that demands immediate attention.

Understanding the RISK:STATION Vulnerability

The RISK:STATION vulnerability allows attackers to execute remote code on vulnerable Synology devices without any user interaction. This "zero-click" nature means that exploiting the flaw does not require the victim to click on a malicious link or open a compromised file, making it particularly dangerous. Once exploited, attackers could gain root-level access, enabling them to steal sensitive data and deploy additional malware on affected devices.

Affected Versions

To safeguard your data and devices, upgrade to the following patched versions:

  • BeePhotos for BeeStation OS 1.0: Upgrade to 1.0.2-10026 or later
  • BeePhotos for BeeStation OS 1.1: Upgrade to 1.1.0-10053 or later
  • Synology Photos 1.6 for DSM 7.2: Upgrade to 1.6.2-0720 or later
  • Synology Photos 1.7 for DSM 7.2: Upgrade to 1.7.0-0795 or later
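
To check an inventory against the list above, the following added example (not Synology's or Midnight Blue's code) compares installed package versions with the fixed version for the same release branch. The function names, the "unlisted" result for branches the list does not cover, and the sample inventory are assumptions made for illustration.

```python
import re

# Minimum fixed versions, copied from the list above, keyed by (product, release branch).
FIXED = {
    ("BeePhotos", "1.0"): "1.0.2-10026",
    ("BeePhotos", "1.1"): "1.1.0-10053",
    ("Synology Photos", "1.6"): "1.6.2-0720",
    ("Synology Photos", "1.7"): "1.7.0-0795",
}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)-(\d+)")

def parse_version(text):
    """Turn 'major.minor.patch-build' into a tuple of ints; raise on anything else."""
    match = _VERSION.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def patch_status(product, installed):
    """Return 'patched', 'vulnerable', or 'unlisted' for one installed package."""
    version = parse_version(installed)
    fixed = FIXED.get((product, f"{version[0]}.{version[1]}"))
    if fixed is None:
        return "unlisted"  # branch not in the list above; consult the vendor advisory
    # Tuple comparison orders by major, minor, patch, then build ("0720" -> 720).
    return "patched" if version >= parse_version(fixed) else "vulnerable"

def audit(inventory):
    """Map each (host, product, version) row to a status; bad rows are 'unparseable'."""
    report = {}
    for host, product, version in inventory:
        try:
            report[host] = patch_status(product, version)
        except ValueError:
            report[host] = "unparseable"
    return report

# Constructed sample inventory: host names and installed versions are made up.
SAMPLE = [
    ("nas-01", "Synology Photos", "1.6.1-0702"),
    ("nas-02", "Synology Photos", "1.7.0-0795"),
    ("bee-01", "BeePhotos", "1.0.2-10026"),
    ("bee-02", "BeePhotos", "1.1.0-10047"),
    ("nas-03", "Synology Photos", "1.5.0-0400"),
    ("nas-04", "Synology Photos", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as "unlisted" or "unparseable" need a manual check rather than being treated as safe.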

Currently, it’s estimated that between one and two million Synology devices are exposed to this vulnerability, particularly those connected to the internet. Synology has withheld additional technical details to allow users time to implement these crucial patches.

Industry Response: QNAP Patches Vulnerabilities

In related news, QNAP has also addressed security concerns by patching three critical vulnerabilities affecting its products, including QuRouter and SMB Service. The vulnerabilities, identified as CVE-2024-50389, CVE-2024-50387, and CVE-2024-50388, were all demonstrated during the Pwn2Own Ireland 2024 hacking contest.

While there is currently no evidence of active exploitation of these vulnerabilities, it’s essential to act swiftly and apply the recommended patches to mitigate potential risks. NAS devices have been prime targets for ransomware attacks, emphasizing the need for proactive security measures.

Conclusion

At Aegix Cybersecurity, we urge all Synology and QNAP users to take immediate action to secure their devices. Regularly updating your software and applying security patches is vital in safeguarding against emerging threats. Stay vigilant and ensure your cybersecurity measures are up to date to protect your sensitive data from potential breaches.