Synology Security Synology-SA-23:07 DSM


This and the other three security advisories posted at the same time would seem to point to the fact that we are all now being pushed to use the latest DSM and SRM. To summarise the responses:

| OS version | Vulnerability response | … or this |
| --- | --- | --- |
| DSM 7.2 | Fixed in version XYZ of 7.2 | |
| DSM 7.1 | Fixed in version XYZ of 7.1 | Will not fix |
| DSM 7.0 | Will not fix | |
| DSM 6.2 | Will not fix | |
| SRM 1.3 | Ongoing | |
| SRM 1.2 | Will not fix | |

 
Saw this a few days ago and said to myself “well that’s one way of pushing people to get the latest software and buy x15 or better models”.

“will not fix” bumper sticker right there!
 
Most of these security issues are quite obscure and unlikely to affect the average user. Still, I'd like to see my v6.24 installation patched if the cure is not worse than the disease.
 
I've not looked further into the vulnerabilities, but it was the 'will not fix' even for DSM 7.1 that was a surprise. DSM 7.1 was a last update point for a few NAS models and to so quickly stop security patching seems a little premature. It sort of begs the question: why didn't Synology just cut those models out of DSM 7 completely?
 
Question. (For those with “Will not Fix” NAS’s…).

If they fix SRM, and unfixed DSM is behind the fixed SRM. Is DSM safe??

Doesn’t affect me—just nosy!
 
Probably not. Generally they are for account takeover. Those devices are separate.
 
Last question, promise

If someone with unfixed DSM only uses Quick Connect for external access, behind fixed SRM, any different?
(I’m asking this to learn more on the strengths of QuickConnect (3rd party connect) over open ports)
 
I’m not sure they have released the details of the vulnerabilities and successful exploitations. It could be that just having access to the NAS means they are potentially at risk.

I was wondering if placing behind the proxy might afford a little protection from malformed requests. But I don’t think it will, especially if the vulnerability is a weak routine that’s part of the security mechanism that is called by but isn’t part of the network interface per se.
 
Just realized that my neighbor with 2600 with V1.2.x will have to upgrade..... Alerted him....
That's certainly an incentive to upgrade.... Here's where having 2x 2600's is a good thing!
 
