Saw that there was a DSM update for Synology available and read the release notes. Looks like the only thing it does is patch Telnet to address that comically bad, long-running security bug which allows people to log in without actually supplying credentials. So, if you have a Synology device and for some perverse reason have Telnet enabled, you might want to get to patching. Lol.
-
Here are the release notes from Synology, the CVE and some lay reporting on just how incredibly bad this bug is and how long it has lingered, providing backdoor root-level access to a really long list of devices running Telnet. So many routing/networking devices have Telnet access at least as an option which can be enabled to this day, despite this being an absolutely terrible idea.
https://www.synology.com/en-us/releaseNote/DSM?model=DS1821%2B#ver_86009-1
-
If you have a public-facing or even just internal networking device, it would be a really good idea to check that it doesn't have Telnet enabled. Check to see if there is a firmware update specifically mentioning this bug. If your device is older/not being actively supported, you should probably assume that the telnetd it is running is vulnerable, as this vulnerability has existed for ~11 years.