Last updated on January 31st, 2023 at 05:19 pm

A critical security vulnerability has been identified in Synology VPN Plus servers, which were developed to transform Synology Router solutions into an advanced VPN (virtual private network) server, that could cause threat actors to execute code remotely in affected versions.

The security vulnerability tracked as CVE-2022-43931 is due to a boundary error in Remote Desktop Functionality and affects Synology VPN Plus Server versions before 1.4.3-0534 and 1.4.4-0635. The vulnerability could allow remote threat actors to execute code on the vulnerable system.

Synology Released Patch for Synology VPN Immediately

Synology fixed the vulnerability immediately after being discovered by Synology Incident Response Team (PSIRT). It had a maximum severity score of 10 out of 10.

To avoid being the target of attacks that can be carried out using vulnerabilities, it is recommended to upgrade to Synology VPN Plus Server 1.4.3-0534 or 1.4.4-0635 versions.

Maximum Severity Vulnerability on Synology VPN Plus Server

Synology Released Patch for Synology VPN Immediately

Perspective of the Month | APT Groups

BellaCiao: The New Malware From Iran’s Charming Kitten

Security News Digest | Security Newsletter | April 27, 2023

Cyber Security Trends in 2023: What You Need to Know

We know what hackers know about you

Solutions

Use Case

Partners

Company