CVE-2016-10366

A vulnerability was found within the web-based management interface of Synology devices that allows remote attackers to execute arbitrary code via a malformed request. The issue is due to insufficient validation of user-supplied input by the management interface. A remote attacker could exploit this vulnerability by sending a malformed request to take control of the affected device. A successful exploit could allow the attacker to remotely execute code with root privileges on the affected device.
As of Synology DSM version 7.2, this issue has been fixed and updated DSM packages have been released. Users are advised to update their DSM packages as soon as possible.

While not critical, a remote attack may result in a partial denial of service condition.

An attacker may be able to inject arbitrary code into the system process, allowing for the execution of arbitrary code.

The above issues may be exploited by malicious parties to perform a remote attack.

The Synology device does not have any user-facing mechanisms to prevent these attacks.
In order to secure your Synology NAS, we recommend updating the DSM packages as soon as possible.

What is DSM?

DSM stands for DiskStation Manager. DSM is a software application that runs on a Synology NAS and enables you to manage the contents of your NAS. This includes uploading, downloading and streaming files, as well as sharing content with other people.

Timeline

Published on: 10/20/2022 06:15:00 UTC
Last modified on: 10/21/2022 15:51:00 UTC
