Synology patches serious flaws in its network-attached storage devices
Network-attached storage (NAS) manufacturer Synology fixed several vulnerabilities in its devices’ software, one of which could allow attackers to compromise the data stored on them.
The most serious vulnerability is in Synology Photo Station, a feature of DiskStation Manager (DSM), the Linux-based operating system that runs on the company’s NAS devices.
Synology Photo Station allows users to create online photo albums and blogs that can be accessed remotely using the NAS device’s public IP (Internet Protocol) address.
Researchers from Dutch firm Securify found that Photo Station did not properly sanitize user input, allowing potential attackers to inject system commands that would be executed with the privileges of the Web server.