
User introduction Hello from New York


NAS: DS1817, DS718+
Operating system: Linux, macOS, Windows
Mobile operating system: Android, iOS

So we are a small business services provider with several Synology NAS devices supported. I actually came here looking for information on the new security advisory that came out of PWN2OWN 2024 (specifically ZDI-CAN-25403 which is the DSM bug). Can't find anything but the actual announcement from Synology. Looks like things are very quiet here in general. Too bad.
 
Not much has been released about the PWN2OWN vulnerabilities in themselves. The advisory from Synology identifies each package and OS affected and what the patch remediation is.

If your NAS hasn’t alerted you to the updates you can find them here and do a manual install.
 
It’s the “not much has been released” that’s giving me agita. Hate to do an emergency update on a 5-day-old release that I’m not sure I am even vulnerable to. I’m behind a firewall on these devices and I can’t even tell if I am open to exploitation.
 
There’s good reason to limit the information released: while that may help assuage your concerns about patching, it also gives malicious actors clues to how to exploit unpatched devices. Not all owners are quick to apply updates so this window gives more time for them to hear about the critical vulnerabilities.

From the little information, it sounds like Internet-exposed NAS are at risk. They don’t limit the risk by saying it’s only accessible via authenticated users, nor local users.

Having firewalled the NAS you have set static rules to limit access. But what if the compromise is initiated from a permitted source? That’s why intrusion protection and anomalous behaviour detecting mechanisms are used to address activity that meets firewall policies.

At present a web search for 'synology pwn2own 2024' will get the most up to date information.
 
