Synology addresses the RCE vulnerability that affects VPN Plus servers

Threat Level – Amber | Vulnerability Report

Synology has addressed a flaw in VPN Plus Server that could allow attackers to take control of affected systems. The vulnerability, identified as CVE-2022-43931, is an out-of-bounds write in the remote desktop feature of Synology VPN Plus Server. When exploited, it allows remote attackers to execute arbitrary commands via undefined vectors, launch denial-of-service (DoS) attacks, and read arbitrary files.
