Last edited:
I am use DS223j , all is updating to newewr version.
But i am receive from my Telecomunication service for secure problem with my NAS DS223j wit trhis text:
Taking care of customers and their data security, Tet maintains and regularly monitors the security of the infrastructure, as well as cooperates with the IT security incident prevention institution CERT.LV.
We have received information from CERT.LV that a cyber security threat open-ssh:cve-2023-48 has been detected in your Internet connection address.
Cybersecurity threats can be caused by an incorrectly configured computer, TV, external hard drive, WiFi router, and other devices connected to the Internet. You can learn more about the detected threat and the steps to be taken to prevent it here....
You received this e-mail because you have a device, which has a publicly available SSH service, that may be vulnerable to CVE-2023-48795.
Successful exploitation of this vulnerability allows remote attackers to bypass integrity checks, leading to a downgrade or disabling of security features. This vulnerability is known as a Terrapin attack and affects various products, including OpenSSH before 9.6, Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, and many others.
What to do:
We suggest that you check all devices, which have SSH services open to the internet, close all unused SSH services and update the necessary SSH software on your devices.
More info:
* If you lack the experience and knowledge to perform these activities – we recommend that you consider using the help of a competent IT specialist.
But i am receive from my Telecomunication service for secure problem with my NAS DS223j wit trhis text:
Taking care of customers and their data security, Tet maintains and regularly monitors the security of the infrastructure, as well as cooperates with the IT security incident prevention institution CERT.LV.
We have received information from CERT.LV that a cyber security threat open-ssh:cve-2023-48 has been detected in your Internet connection address.
Cybersecurity threats can be caused by an incorrectly configured computer, TV, external hard drive, WiFi router, and other devices connected to the Internet. You can learn more about the detected threat and the steps to be taken to prevent it here....
You received this e-mail because you have a device, which has a publicly available SSH service, that may be vulnerable to CVE-2023-48795.
Successful exploitation of this vulnerability allows remote attackers to bypass integrity checks, leading to a downgrade or disabling of security features. This vulnerability is known as a Terrapin attack and affects various products, including OpenSSH before 9.6, Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, and many others.
What to do:
We suggest that you check all devices, which have SSH services open to the internet, close all unused SSH services and update the necessary SSH software on your devices.
More info:
NVD - CVE-2023-48795
nvd.nist.gov