Taiwanese NAS manufacturer Synology has fixed a vulnerability with maximum severity (10/10) affecting routers configured to run as VPN servers.
The vulnerability, tracked as CVE-2022-43931, was discovered internally by Synology’s Product Security Incident Response Team (PSIRT) in the VPN Plus Server software, and the company assigned it the maximum CVSS v3 base score of 10.
VPN Plus Server is a virtual private network server that allows administrators to set up Synology routers as VPN servers to enable remote access to resources behind the router.
The vulnerability can be exploited in low-complexity attacks that require neither privileges on the targeted routers nor user interaction.
“A vulnerability allows remote attackers to potentially execute arbitrary commands through a vulnerable version of Synology VPN Plus Server,” Synology said in a security advisory released Friday.
“Out-of-bounds write vulnerability in remote desktop functionality in Synology VPN Plus Server prior to 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.”
Out-of-bounds write vulnerabilities can have serious consequences, such as data corruption, system crashes and code execution following memory corruption.
Synology has released security updates to fix the bug and recommends that customers update VPN Plus Server for SRM (Synology Router Manager) to the latest available version.
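To check a fleet against the fixed builds named in the advisory, the following added example (not Synology's code or tooling) classifies installed VPN Plus Server versions. It assumes version strings in the advisory's `MAJOR.MINOR.PATCH-BUILD` form and that each fixed build applies to its own release branch; the hostnames and installed versions are constructed samples.

```python
import re

# Fixed builds taken from the advisory text quoted above, keyed by release branch.
FIXED_BUILDS = {(1, 4, 3): 534, (1, 4, 4): 635}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Split 'MAJOR.MINOR.PATCH-BUILD' into ((major, minor, patch), build)."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, build = (int(part) for part in match.groups())
    return (major, minor, patch), build


def is_vulnerable(text):
    """Return True if the version predates the fix for CVE-2022-43931.

    Assumption: a release on a patched branch is fixed from that branch's
    build number onward, releases older than the oldest patched branch are
    affected, and releases newer than the newest patched branch carry the fix.
    """
    branch, build = parse_version(text)
    if branch in FIXED_BUILDS:
        return build < FIXED_BUILDS[branch]
    return branch < min(FIXED_BUILDS)


def audit(inventory):
    """Map each host to 'vulnerable', 'patched' or 'unknown' (unparseable)."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "vulnerable" if is_vulnerable(version) else "patched"
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed inventory: hostnames and installed versions are invented samples.
SAMPLE_INVENTORY = {
    "rt-branch-a": "1.4.3-0533",
    "rt-branch-b": "1.4.3-0534",
    "rt-hq": "1.4.4-0635",
    "rt-lab": "1.4.2-0533",
    "rt-new": "not installed",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need manual inspection, since an unparseable version string says nothing about patch state.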
Last month, Synology released a second critical severity advisory and announced that multiple vulnerabilities in Synology Router Manager had been patched.
“Several vulnerabilities allow remote attackers to execute arbitrary commands, perform denial of service attacks, or read arbitrary files through a vulnerable version of Synology Router Manager (SRM),” the company said.
While Synology did not list the CVE IDs of the vulnerabilities, several researchers and teams are credited with reporting the patched bugs, and at least two of them successfully demonstrated zero-day exploits targeting Synology RT6600ax routers on day one of the Pwn2Own Toronto 2022 hacking contest.
Gaurav Baruah earned $20,000 for executing a command injection attack on Synology RT6600ax’s WAN interface.
Computest, which was also credited in December’s critical advisory, demonstrated a command-injection root shell exploit targeting the LAN interface of the same Synology router.
Is there a downside to always using a VPN?
We’ve summarized the main disadvantages of using a VPN below: Some VPNs can slow down your connection speeds. You could be blocked from using certain services or websites like Netflix. VPNs are illegal or tightly controlled in certain countries like China.
Is it okay to leave my VPN on all the time?
A VPN can be left on all the time. In summary, leaving your VPN on all the time is not only perfectly safe, it is actually recommended. It can keep your online identity anonymous, protect you from attacks related to unsecured public Wi-Fi networks and help you bypass various artificial restrictions.
Can a VPN mess up your internet?
Most likely yes: a VPN will slow down your internet. However, how much your speed will be affected depends on the circumstances. How fast your internet was before the VPN, what brand of VPN you use, and how far away you are from your VPN server can all play a role in your internet speed.
Are there any disadvantages to using a VPN?
Some VPNs can slow down your connection speed. You could be blocked from using certain services or websites like Netflix. VPNs are illegal or tightly controlled in certain countries like China. There is no way to tell how encrypted your data is when using a VPN.
What’s the problem with using VPN?
Why a VPN is not secure: VPNs are unsafe because they expose entire networks to threats like malware, DDoS attacks, and spoofing attacks. Once an attacker has entered the network via a compromised device, the entire network can be brought to a standstill.
Can I run my entire network over a VPN?
Installing a VPN app on your smartphone, laptop, or tablet is a great way to boost your security and privacy. However, if you want to protect your entire network and especially devices that don’t support VPN functionality, you can install a VPN on your router.
What does a VPN do on a router?
A Virtual Private Network (VPN) creates a secure tunnel that extends from your business across the Internet. This enables 24/7 secure access to key network resources from anywhere in the world without having to dial into the office directly.
Is it worth having VPN on the router?
With a VPN enabled, your ISP cannot see the websites you visit or sell your data to third parties. If your ISP is throttling your internet speed, a VPN could even improve it by shielding your activity. All you have to do is set up a VPN on your router and all devices on your network will be protected.
Is it safe to use VPN on home WiFi?
When you use a VPN, your internet traffic is encrypted so nobody can intercept it over public WiFi. Even if you’re not using a secure Wi-Fi connection, the VPN secures your connection everywhere, so you don’t have to worry as much about outside protection.
Do I need VPN on my own router?
If you don’t have a VPN connection on your home router, a hacker can see all devices connected to your local network and traffic from those devices. Cyber criminals can spy on this traffic, blackmail you, steal your files, and wreak a lot of avoidable havoc.
How do I use ExpressVPN with Synology?
- Find your ExpressVPN account login information. Go to the ExpressVPN setup page. …
- Turn off IPv6 on your Synology. Disabling IPv6 prevents IPv6 traffic from leaking outside of the VPN tunnel. …
- Create a new VPN profile. …
- Connect to a VPN server location.
Which VPN to use with Synology?
Synology devices support PPTP, L2TP, and OpenVPN protocols, but we strongly recommend using OpenVPN for security and privacy reasons.
Can I use VPN on Synology NAS?
With the VPN server package, you can easily turn your Synology NAS into a VPN server, allowing users to remotely and securely access resources shared on your Synology NAS’s local area network.
Which VPN has all country servers?
ExpressVPN. If you’re looking for a super-reliable VPN server network spread all over the world, ExpressVPN should be your top choice.
Which VPN has the most US servers?
Private Internet Access (PIA) is one of the best VPNs to use in the US due to its many US server options. Its large network of 35000 servers includes several US-based ones. With so many options, you don’t have to worry about crowded servers and slow speeds.