Synology-SA-18:53 Web Proxy Auto-Discovery

Publish Time: 2018-09-05 23:52:05 UTC+8

Last Updated: 2020-02-21 21:19:39 UTC+8

Severity
Moderate
Status
Resolved

Abstract

A vulnerability allows remote attackers to conduct man-in-the-middle attack via a susceptible version of Synology DiskStation Manager (DSM) or Synology Router Manager (SRM).

Affected Products

Product Severity Fixed Release Availability
DSM 6.2 Moderate Upgrade to 6.2.1-23824 or above.
DSM 6.1 Moderate Upgrade to 6.2.1-23824 or above.
DSM 5.2 Moderate Upgrade to 6.2.1-23824 or above.
SkyNAS Moderate Will not fix.
VS960HD Not affected N/A
SRM 1.1 Moderate Upgrade to 1.1.7-6941-2 or above.

Mitigation

None

Detail

Reserved

Reference

Problems with automatic DNS registration and autodiscovery

Revision

Revision Date Description
1 2018-09-05 Initial public release.