Security News > 2023 > January > Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems.
Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server.
Successful exploitation of the issue "Allows remote attackers to execute arbitrary commands via unspecified vectors," the Taiwanese company said, adding it was internally discovered by its Product Security Incident Response Team.
Users of VPN Plus Server for Synology Router Manager 1.2 and VPN Plus Server for SRM 1.3 are advised to update to versions 1.4.3-0534 and 1.4.4-0635, respectively.
The network-attached storage appliance maker, in a second advisory, also warned of several flaws in SRM that could permit remote attackers to execute arbitrary commands, conduct denial-of-service attacks, or read arbitrary files.
Baruah earned $20,000 for a command injection attack against the WAN interface of the Synology RT6600ax, while Computest netted $5,000 for a command injection root shell exploit aimed at its LAN interface.
News URL
https://thehackernews.com/2023/01/synology-releases-patch-for-critical.html
Related news
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-03 | CVE-2022-43931 | Unspecified vulnerability in Synology VPN Plus Server 1.4.30534 Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors. | 10.0 |