1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Synology patches serious flaws in its network-attached storage devices

Discussion in 'CSO' started by RSS, May 26, 2015.

  1. RSS

    RSS New Member Member

    Network-attached storage (NAS) manufacturer Synology fixed several vulnerabilities in its devices' software, one of which could allow attackers to compromise the data stored on them.

    The most serious vulnerability is located in the Synology Photo Station, a feature of DiskStation Manager (DSM), the Linux-based operating system that runs on the company's NAS devices.

    Synology Photo Station allows users to create online photo albums and blogs that can be accessed remotely using the NAS device's public IP (Internet Protocol) address.

    Researchers from Dutch firm Securify found that Photo Station did not properly sanitize user input, allowing potential attackers to inject system commands that would be executed with the privileges of the Web server.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page