Vulnerabilities > CVE-2022-43931 - Unspecified vulnerability in Synology VPN Plus Server 1.4.30534

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

synology

critical

NVD

Published: 2023-01-03

Updated: 2023-11-07

Summary

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology VPN Plus Server - Synology VPN Plus Server 1.4.3-0534	2
OS	Synology Synology Router Manager 1.2 Synology Router Manager 1.3	2

References

https://www.synology.com/en-global/security/advisory/Synology_SA_22_26