Synology VPN Plus Server command execution | CVE-2022-43931

January 4, 2023

DESCRIPTION

Synology VPN Plus Server could allow a remote attacker to execute arbitrary commands on the system, caused by an out-of-bounds write flaw in the Remote Desktop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Access Vector: Network

    A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

    If you like the site, please support us on Patreon using the button below

    Digital Patreon Wordmark FieryCoralv2

    To keep up to date follow us on the below channels.

    join
    Click Above for Telegram
    discord
    Click Above for Discord
    reddit
    Click Above for Reddit
    hd linkedin
    Click Above For LinkedIn

    NAME

    Synology VPN Plus Server command execution

    • Platforms Affected:
      Synology VPN Plus Server for SRM 1.2
      Synology VPN Plus Server for SRM 1.3
    • Risk Level:
      10
    • Exploitability:
      Unproven
    • Consequences:
      Gain Access

    DESCRIPTION

    Synology VPN Plus Server could allow a remote attacker to execute arbitrary commands on the system, caused by an out-of-bounds write flaw in the Remote Desktop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

    CVSS 3.0 Information

    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
    • Access Vector: Network

      A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

      If you like the site, please support us on Patreon using the button below

      Digital Patreon Wordmark FieryCoralv2

      To keep up to date follow us on the below channels.

      join
      Click Above for Telegram
      discord
      Click Above for Discord
      reddit
      Click Above for Reddit
      hd linkedin
      Click Above For LinkedIn

You may have missed

image

[LOCKBIT3] – Ransomware Victim: madison-home[.]com

November 22, 2024
image

[CHORT] – Ransomware Victim: sheboyganwi[.]gov

November 22, 2024
image

[QILIN] – Ransomware Victim: Zimmerman & Frachtman PA Law Firm

November 22, 2024
image

[QILIN] – Ransomware Victim: Calvert Home Mortgage Investment

November 22, 2024
image

[QILIN] – Ransomware Victim: LBCO Contracting LTD

November 22, 2024