- Synology patches critical zero-click vulnerability in NAS devices
- Attacker can exploit vulnerability without user interaction
- $260,000 rewarded to researcher who discovered vulnerability
Synology recently fixed a critical security vulnerability in its network storage device products that could allow hackers to hijack victim devices.
The company issued two bulletins to inform users of the patched vulnerabilities in its data storage products, specifically Photos for DSM and BeePhotos for BeeStation.
The issues, recently demonstrated at the Pwn2Own Ireland 2024 event, allow remote code execution. They pose a serious threat because attackers can take control of affected devices without user interaction.
Critical vulnerabilities exposed
Remote code execution vulnerabilities are particularly dangerous because they allow an attacker to execute arbitrary commands on a device, thereby putting sensitive data at risk.
By addressing these flaws, Synology ensures that users who apply the app updates can better protect their devices from potential attacks. The fixes not only prevent potential remote access but also reduce the possibility of ransomware, data theft and other types of NAS exploitation.
Devices that store sensitive information are often connected to the Internet, so they are often vulnerable to attacks. To protect against malicious actors, it’s important to apply security patches regularly.
Pwn2Own Ireland 2024, organized by Trend Micro’s Zero-Day Initiative (ZDI), awarded more than $1 million in rewards to white hat hackers who successfully demonstrated exploits across devices, including NAS systems, cameras and smart speakers.
Synology is one of the companies whose products were found to have security vulnerabilities, with researchers earning a total of $260,000 for discovering vulnerabilities in its products. The company responded quickly to the competition results and addressed the critical flaws in its products.
Via Security Weekly