Security Scan Results

Synology values the security of your system. We devote ourselves to providing users with a reliable operating system and services. To guarantee security with a more active approach, we have adopted a market-leading, reliable vulnerability scanning solution, QualysGuard, to conduct thorough system scans and implement remediation with every major release of DSM.

Scan Environment

  • Scan software: QualysGuard Vulnerability Management (VM)
  • DSM version: DSM 6.1 build 15032
  • Scan date: 2017/1/19
  • Preparation: The scan is based on the DSM that passed the verification of Business mode in Synology Security Advisor.
  • Scanner Version: 9.0.29-1
  • Vulnerability Signatures: 2.3.523-2
  • Package list:
    • Antivirus Essential
    • AudioStation
    • Backup & Restore
    • CardDAVServer
    • Cloud Station Server
    • CloudStationClient
    • CloudSync
    • DirectoryServer
    • Discourse
    • DNSServer
    • Docker
    • Document Viewer
    • DokuWiki
    • DownloadStation
    • Drupal
    • GitLab
    • GlacierBackup
    • GLPI
    • HASP
    • HiDriveBackup
    • iTunesServer
    • Java
    • joomla
    • LimeSurvey
    • Load Balancer
    • Logitech Media Server
    • LXQt
    • Magento
    • MailServer
    • MailStation
    • MantisBT
    • MariaDB
    • MediaServer
    • MediaWiki
    • Moodle
    • Node.js
    • NoteStation
    • Odoo8
    • OpenERP
    • OrangeHRM
    • osCommerce
    • osTicket
    • PACS
    • PDF Viewer
    • PEAR
    • PhotoStation
    • phpBB
    • phpMyAdmin
    • Piwik
    • Podcast Generator
    • PrestaShop
    • Proxy Server
    • Python3
    • PythonModule
    • RadiusServer
    • Redmine
    • Ruby
    • Spreadsheet
    • SpreeCommerce
    • SSO Server
    • SugarCRM
    • Surveillance
    • TimeBackup
    • VideoStation
    • VPNCenter
    • vtigerCRM
    • web station
    • Webalizer
    • WordPress

Summary of vulnerabilities

Synology has listed a summary of the scan results below.

| Severity Level | Confirmed | Potential |
|---|---|---|
| 5 | 0 | 3 |
| 4 | 0 | 2 |
| 3 | 9 | 6 |
| 2 | 3 | 2 |
| 1 | 2 | 0 |
| Total | 14 | 13 |

According to the Qualys Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major DSM releases since DSM 5.2-5592 have been tested to ensure there are no vulnerabilities of these two levels. Levels 1, 2, and 3 are considered lower in severity; Synology's comments on each item are provided for risk management.

In addition, items listed under Potential Vulnerabilities have not been confirmed as vulnerabilities; they are reported when certain conditions the scanner uses for detection are present, without the vulnerability itself being verified. The severity of these items is therefore considered relatively low.

Vulnerabilities

| Severity Level | Topic | Port / Service | Comment |
|---|---|---|---|
| 3 | NFS Exported Filesystems List Vulnerability | NFS | This warning always appears when the NFS service is enabled. As long as the NFS rules are properly set to allow connections only from specific IP addresses, your Synology NAS should be safe. |
| 3 | DNS Zone Transfer | port 53/tcp (DNS server) | A rule reminder in Security Advisor could reduce issues resulting from misconfiguration. |
| 3 | SSL/TLS Server supports TLSv1.0 | port 8443/tcp over SSL (CardDAV) | TLSv1.0 is kept for compatibility with older clients that do not support more recent SSL/TLS versions. |
| 3 | SSL/TLS Server supports TLSv1.0 | port 5006/tcp over SSL (WebDAV) | (as above) |
| 3 | SSL/TLS Server supports TLSv1.0 | port 993/tcp over SSL (Mail Server) | (as above) |
| 3 | SSL/TLS Server supports TLSv1.0 | port 995/tcp over SSL (Mail Server) | (as above) |
| 3 | SSL/TLS Server supports TLSv1.0 | port 21/tcp over SSL (FTP) | (as above) |
| 3 | SSL/TLS Server supports TLSv1.0 | port 3269/tcp over SSL | (as above) |
| 3 | SSL/TLS Server supports TLSv1.0 | port 636/tcp over SSL (LDAP) | (as above) |
| 2 | Hidden RPC Services | NFS | This warning always appears when the NFS service is enabled. As long as the NFS rules are properly set to allow connections only from specific IP addresses, your Synology NAS should be safe. |
| 2 | NFS RPC Services Listening on Non-Privileged Ports | NFS | Mac users can enable this option for compatibility with the NFS service. This option is disabled by default. |
| 2 | JBoss Enterprise Application Platform Status Servlet Request Remote Information Disclosure | port 9080/tcp (PACS) | This can be avoided by correct configuration of firewall settings. Please make sure only trusted devices can access your Synology NAS. |
| 1 | Remote Management Service Accepting Unencrypted Credentials Detected | TFTP on UDP port 69; FTP on TCP port 21 (FTP / TFTP) | This issue is still under research by Synology. |
| 1 | JBoss HTTP Header Information Disclosure Vulnerability | port 9080/tcp | This can be avoided by correct configuration of firewall settings. Please make sure only trusted devices can access your Synology NAS. |

Potential vulnerabilities

| Severity Level | Topic | Port / Service | Comment |
|---|---|---|---|
| 5 | Red Hat JBoss EAP/Web Server Java UnSerialize Common-Collections Remote Code Execution Vulnerability | PACS | |
| 5 | Statd Format Bug Vulnerability | NFS | Synology has confirmed that the implemented NFS module is version 1.2.8, much later than the version required to address this issue. |
| 5 | NFS-Utils Xlog Remote Buffer Overrun Vulnerability | NFS | |
| 4 | Red Hat JBoss Enterprise Application Platform Multiple Security Vulnerabilities | port 9080/tcp (PACS) | This can be avoided by correct configuration of firewall settings. Please make sure only trusted devices can access your Synology NAS. |
| 4 | OpenRADIUS Divide By Zero Denial of Service Vulnerability | port 1812/udp (RADIUS server) | Synology uses FreeRADIUS, not OpenRADIUS. |
| 3 | OpenSSH Xauth Command Injection Vulnerability | OpenSSH | DSM supports X11 forwarding but not the X11 GUI, so the system is not affected by this vulnerability. Synology is still in contact with Qualys to clarify this issue. |
| 3 | SMB Signing Disabled or SMB Signing Not Required | Samba | This issue is still under research by Synology. |
| 3 | Service Stopped Responding | port 3262/tcp (iSCSI) | |
| 3 | Red Hat JBoss Enterprise Application Platform Multiple Security Vulnerabilities (RHSA-2014:0170-1) | port 9080/tcp (PACS) | This can be avoided by correct configuration of firewall settings. Please make sure only trusted devices can access your Synology NAS. |
| 3 | Multiple Vendor Radius Short Vendor-Length Field Denial of Service Vulnerability | port 1812/udp (RADIUS server) | Synology uses FreeRADIUS, not OpenRADIUS. |
| 3 | IETF RADIUS Dictionary Attack Vulnerability | port 1812/udp (RADIUS server) | This issue is still under research by Synology. |
| 2 | nlockmgr RPC Service Multiple Vulnerabilities | NFS | Synology has confirmed that the implemented NFS module is version 1.2.1, much later than the version required to address this issue. |
| 2 | Database Instance Detected | port 3306/tcp (MariaDB) | This can be avoided by correct configuration of firewall settings. Please make sure only trusted devices can access your Synology NAS. |

Scan Environment

  • Scan software: QualysGuard Vulnerability Management (VM)
  • DSM version: DSM 6.0 build 7319
  • Scan date: 2016/3/24
  • Preparation: The scan is based on the DSM that passed the verification of Business mode in Synology Security Advisor.
  • Scanner Version: 8.0.15-1
  • Vulnerability Signatures: 2.3.261-3
  • Package list:
    • Antivirus Essential
    • AudioStation
    • Backup & Restore
    • CardDAVServer
    • Cloud Station Server
    • CloudStationClient
    • CloudSync
    • DirectoryServer
    • Discourse
    • DNSServer
    • Docker
    • Document Viewer
    • DokuWiki
    • DownloadStation
    • Drupal
    • GitLab
    • GlacierBackup
    • GLPI
    • HASP
    • HiDriveBackup
    • iTunesServer
    • Java
    • joomla
    • LimeSurvey
    • Load Balancer
    • Logitech Media Server
    • LXQt
    • Magento
    • MailServer
    • MailStation
    • MantisBT
    • MariaDB
    • MediaServer
    • MediaWiki
    • Moodle
    • Node.js
    • NoteStation
    • Odoo8
    • OpenERP
    • OrangeHRM
    • osCommerce
    • osTicket
    • PACS
    • PDF Viewer
    • PEAR
    • PhotoStation
    • phpBB
    • phpMyAdmin
    • Piwik
    • Podcast Generator
    • PrestaShop
    • Proxy Server
    • Python3
    • PythonModule
    • RadiusServer
    • Redmine
    • Ruby
    • Spreadsheet
    • SpreeCommerce
    • SSO Server
    • SugarCRM
    • Surveillance
    • TimeBackup
    • VideoStation
    • VPNCenter
    • vtigerCRM
    • web station
    • Webalizer
    • WordPress

Summary of vulnerabilities

Synology has listed a summary of the scan results below.

| Severity Level | Confirmed | Potential |
|---|---|---|
| 5 | 0 | 1 |
| 4 | 0 | 0 |
| 3 | 10 | 2 |
| 2 | 6 | 1 |
| 1 | 1 | 4 |
| Total | 17 | 8 |

According to the Qualys Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major DSM releases since DSM 5.2-5592 have been tested to ensure there are no vulnerabilities of these two levels. Levels 1, 2, and 3 are considered lower in severity; Synology's comments on each item are provided for risk management.

In addition, items listed under Potential Vulnerabilities have not been confirmed as vulnerabilities; they are reported when certain conditions the scanner uses for detection are present, without the vulnerability itself being verified. The severity of these items is therefore considered relatively low.

Vulnerabilities

| Severity Level | Topic | Port / Service | Comment |
|---|---|---|---|
| 3 | NFS Exported Filesystems List Vulnerability | NFS | This warning appears whenever the NFS service is enabled. The Synology NAS is safe as long as the NFS rules are properly set to allow connections only from specific IP addresses. |
| 3 | Mail Server Accepts Plaintext Credentials | port 25/tcp | This is kept for compatibility with clients that do not use SSL/TLS connections. |
| 3 | POP3 Server Allows Plain Text Authentication Vulnerability | port 110/tcp | (as above) |
| 3 | Web Server Uses Plain-Text Form Based Authentication | port 80/tcp | An HTTPS connection can be enabled to avoid this vulnerability. |
| 3 | Web Server Uses Plain-Text Form Based Authentication | port 9007/tcp | (as above) |
| 3 | Web Server Uses Plain-Text Form Based Authentication | port 8000/tcp | (as above) |
| 3 | Web Server Uses Plain-Text Form Based Authentication | port 7000/tcp | (as above) |
| 3 | Web Server Uses Plain-Text Form Based Authentication | port 8800/tcp | (as above) |
| 3 | Web Server Uses Plain-Text Form Based Authentication | port 9350/tcp | (as above) |
| 3 | DNS Zone Transfer | port 53/tcp | DNS zone transfer is an option that users can enable or disable as needed. |
| 2 | Hidden RPC Services | NFS | This warning appears whenever the NFS service is enabled. The Synology NAS is safe as long as the NFS rules are properly set to allow connections only from specific IP addresses. |
| 2 | NFS RPC Services Listening on Non-Privileged Ports | NFS | This option is disabled by default. Users can enable it for compatibility with Mac NFS clients. |
| 2 | UDP Constant IP Identification Field Fingerprinting Vulnerability | Kernel | This vulnerability only exists in Linux kernel 2.4, but Synology NAS has upgraded to Linux kernel 2.6 and above. We are waiting for Qualys' reply for further clarification. |
| 2 | TCP Sequence Number Approximation Based Denial of Service | | This can be avoided by correctly configuring the firewall settings. |
| 2 | AutoComplete Attribute Not Disabled for Password in Form Based Authentication | port 80/tcp | Password auto-completion is allowed by default in the upstream open-source code of Drupal, vtigerCRM, and phpMyAdmin. |
| 2 | AutoComplete Attribute Not Disabled for Password in Form Based Authentication | port 443/tcp | (as above) |
| 1 | Remote Management Service Accepting Unencrypted Credentials Detected | port 30003/tcp | TFTP is an option that is disabled by default and can be configured in Control Panel > File Services > TFTP/PXE. It is recommended that you use FTPS for better security. |

Potential vulnerabilities

| Severity Level | Topic | Port / Service | Comment |
|---|---|---|---|
| 5 | Statd Format Bug Vulnerability | | Synology has confirmed that the implemented NFS module is version 1.2.1, much newer than the version required to address this issue. |
| 3 | OpenSSH "X SECURITY" Bypass Vulnerability | port 22/tcp | DSM does not support the X11 GUI, so the system is not affected by this vulnerability. Synology is in contact with Qualys to clarify this warning. |
| 3 | OpenSSH "X SECURITY" Bypass Vulnerability | port 5566/tcp | (as above) |
| 2 | nlockmgr RPC Service Multiple Vulnerabilities | | Synology has confirmed that the implemented NFS module is version 1.2.1, much newer than the version required to address this issue. |
| 1 | Possible Scan Interference | | This issue is caused by the setup and environment rather than by DSM itself. |
| 1 | Postfix SMTP Log Denial of Service Vulnerability | port 25/tcp | Our Postfix version is 2.9.2, which is not within the range of affected versions. |
| 1 | Postfix SMTP Log Denial of Service Vulnerability | port 465/tcp over SSL | (as above) |
| 1 | Postfix SMTP Log Denial of Service Vulnerability | port 587/tcp | (as above) |

Scan Environment

  • Scan software: QualysGuard Vulnerability Management (VM)
  • DSM version: DSM 5.2 - 5589
  • Scan date: 2015/6/26
  • Preparation: The scan is based on the DSM that passed the verification of Business mode in Synology Security Advisor.
  • Scanner Version: 7.14.37-1
  • Vulnerability Signatures: 2.3.50-2
  • Package list:
    • Antivirus Essential
    • Audio Station
    • CardDAV Server
    • Cloud Station
    • Cloud Station Client
    • Cloud Sync
    • Directory Server
    • DNS Server
    • Download Station
    • Glacier Backup
    • HiDrive Backup
    • iTunes Server
    • Java Manager
    • Mail Server
    • Mail Station
    • MariaDB
    • Media Server
    • Note Station
    • Photo Station
    • Proxy Server
    • Python Module
    • Radius Server
    • SSO Server
    • Surveillance Station
    • TimeBackup
    • Video Station
    • VPN Center

Summary of vulnerabilities

Synology has listed a summary of the scan results below.

| Severity Level | Confirmed | Potential |
|---|---|---|
| 5 | 0 | 0 |
| 4 | 0 | 1 |
| 3 | 17 | 4 |
| 2 | 22 | 1 |
| 1 | 0 | 5 |
| Total | 39 | 11 |

According to the Qualys Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major DSM releases since DSM 5.2-5592 have been tested to ensure there are no vulnerabilities of these two levels. Levels 1, 2, and 3 are considered lower in severity; Synology's comments on each item are provided for risk management.

In addition, items listed under Potential Vulnerabilities have not been confirmed as vulnerabilities; they are reported when certain conditions the scanner uses for detection are present, without the vulnerability itself being verified. The severity of these items is therefore considered relatively low.

Vulnerabilities

| Severity Level | Topic | Port / Service | Comment |
|---|---|---|---|
| 3 | Squid Proxy X509 Server Certification Validation Bypass Vulnerability | Proxy Server | Synology Proxy Server does not support the Squid feature affected by this vulnerability, so it does not raise this security issue. |
| 3 | Web Server Uses Plain-Text Form Based Authentication | port 80/tcp (mail) | An HTTPS connection can be enabled to avoid this vulnerability. |
| 3 | Mail Server Accepts Plaintext Credentials | port 25/tcp | This is kept for compatibility with clients that do not use SSL/TLS connections. |
| 3 | POP3 Server Allows Plain Text Authentication Vulnerability | port 110/tcp | (as above) |
| 3 | SSL/TLS use of weak RC4 cipher | port 993/tcp over SSL (Mail Server, IMAPS) | The weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 636/tcp over SSL (LDAP) | Weak encryption is kept for compatibility with other LDAP clients. |
| 3 | SSL/TLS use of weak RC4 cipher | port 636/tcp over SSL (LDAP) | The weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE) | port 636/tcp over SSL (LDAP) | SSLv3 is supported for compatibility with IBM Domino LDAP Server. |
| 3 | SSL Server Has SSLv3 Enabled Vulnerability | port 636/tcp over SSL (LDAP) | (as above) |
| 3 | SSL/TLS use of weak RC4 cipher | port 995/tcp over SSL | The weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | DNS Zone Transfer | port 53/tcp (DNS server) | DNS zone transfer is an option that users can enable or disable as needed. |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 21/tcp over SSL (FTP) | The weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | SSL/TLS use of weak RC4 cipher | port 21/tcp over SSL (FTP) | (as above) |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 25/tcp over SSL (Mail Server, SMTP) | (as above) |
| 3 | SSL/TLS use of weak RC4 cipher | port 143/tcp over SSL (Mail Server, IMAP) | (as above) |
| 3 | SSL/TLS use of weak RC4 cipher | port 110/tcp over SSL (Mail Server, POP3) | (as above) |
| 3 | NFS Exported Filesystems List Vulnerability | NFS | This warning appears whenever the NFS service is enabled. The Synology NAS is safe as long as the NFS rules are properly set to allow connections only from specific IP addresses. |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 443/tcp over SSL | This warning will no longer appear once the system administrator installs a properly signed certificate that matches the server's FQDN. |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 993/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 636/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 995/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 8001/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 465/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 9351/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 5002/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 8801/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 9901/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 7001/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 9008/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 21/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 25/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 143/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 110/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 587/tcp over SSL | (as above) |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 5006/tcp over SSL | (as above) |
| 2 | Hidden RPC Services | NFS | This warning appears whenever the NFS service is enabled. The Synology NAS is safe as long as the NFS rules are properly set to allow connections only from specific IP addresses. |
| 2 | NFS RPC Services Listening on Non-Privileged Ports | NFS | This option is disabled by default. Users can enable it for compatibility with Mac NFS clients. |
| 2 | UDP Constant IP Identification Field Fingerprinting Vulnerability | Kernel | This vulnerability only exists in Linux kernel 2.4, but Synology NAS has upgraded to Linux kernel 2.6 and above. We are waiting for Qualys' reply for further clarification. |
| 2 | TCP Sequence Number Approximation Based Denial of Service | port 111/21 | This issue can be avoided by applying firewall settings. |

Potential vulnerabilities

| Severity Level | Topic | Port / Service | Comment |
|---|---|---|---|
| 4 | OpenRADIUS Divide By Zero Denial of Service Vulnerability | port 1812/udp (RADIUS) | Synology NAS does not use the open-source OpenRADIUS solution. We are waiting for Qualys' reply for further clarification. |
| 3 | Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | port 50000/tcp | Although DSM uses Apache 2.2.3, this vulnerability has already been addressed. |
| 3 | Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | port 5002/tcp | (as above) |
| 3 | Multiple Vendor Radius Short Vendor-Length Field Denial of Service Vulnerability | port 1812/udp (RADIUS) | This CVE only affects FreeRADIUS version 0.3 and older. Synology Radius Server has upgraded to FreeRADIUS 2.2.5. |
| 3 | IETF RADIUS Dictionary Attack Vulnerability | port 1812/udp (RADIUS) | EAP-MD5 is supported for compatibility. |
| 2 | nlockmgr RPC Service Multiple Vulnerabilities | NFS | It is confirmed that the NFS module has been updated to a newer version that addresses this vulnerability. We are waiting for further clarification from Qualys. |
| 1 | OpenLDAP Multiple Vulnerabilities | LDAP | Our OpenLDAP version is 2.4.40, which is not within the range of affected versions. |
| 1 | Postfix SMTP Log Denial of Service Vulnerability | port 25/tcp (Mail Server) | Our Postfix version is 2.9.2, which is not within the range of affected versions. |
| 1 | Postfix SMTP Log Denial of Service Vulnerability | port 465/tcp over SSL | (as above) |
| 1 | Postfix SMTP Log Denial of Service Vulnerability | port 587/tcp | (as above) |
| 1 | Possible Scan Interference | | This issue is caused by the setup and environment rather than by DSM itself. |

Scan Environment

  • Scan software: QualysGuard Vulnerability Management (VM)
  • SRM version: SRM 1.1 - 6328
  • Scan date: 2016/7/4
  • Preparation: The scan is based on the SRM that passed the verification of Business mode in Synology Security Advisor.
  • Scanner Version: 8.2.18-1
  • Vulnerability Signatures: 2.3.329-2
  • Package list:
    • Download Station
    • VPN Server
    • DNS Server
    • Radius Server
    • Media Server
    • Cloud Station
    • Intrusion Prevention
    • Perl

Summary of vulnerabilities

Synology has listed a summary of the scan results below.

| Severity Level | Confirmed | Potential |
|---|---|---|
| 5 | 0 | 0 |
| 4 | 0 | 0 |
| 3 | 4 | 2 |
| 2 | 5 | 0 |
| 1 | 1 | 0 |
| Total | 10 | 2 |

According to the Qualys Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major SRM releases have been tested to ensure there are no vulnerabilities of these two levels. Levels 1, 2, and 3 are considered lower in severity; Synology's comments on each item are provided for risk management.

Vulnerabilities

| Severity Level | Topic | Port / Service | Comment |
|---|---|---|---|
| 3 | WINS Domain Controller Spoofing Vulnerability - Zero Day | udp port 137 (SMB / NETBIOS) | This is a protocol design issue and only affects users behind NAT. It can be mitigated with proper firewall/routing table settings, so it will not be a problem in a well-protected environment. |
| 3 | NetBIOS Name Conflict Vulnerability | udp port 137 (SMB / NETBIOS) | (as above) |
| 3 | NetBIOS Release Vulnerability | udp port 137 (SMB / NETBIOS) | (as above) |
| 3 | DNS Zone Transfer | port 53/tcp (DNS server) | DNS zone transfer is an option that users can enable or disable themselves. |
| 2 | NetBIOS Name Accessible | SMB / NETBIOS | This is a protocol design issue and only affects users behind NAT. It can be mitigated with proper firewall/routing table settings, so it will not be a problem in a well-protected environment. |
| 2 | UDP Constant IP Identification Field Fingerprinting Vulnerability | Kernel | This vulnerability only exists in Linux kernel 2.4, but Synology NAS has upgraded to Linux kernel 2.6 and above. We are waiting for Qualys' reply for further clarification. |
| 2 | TCP Sequence Number Approximation Based Denial of Service | port 111/21 | This issue can be avoided by firewall settings. |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 443/tcp over SSL | This warning will no longer appear once the system administrator installs a properly signed certificate that matches the server's FQDN. |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 8001/tcp over SSL | (as above) |
| 1 | ICMP Timestamp Request | | Qualys suggests not filtering all ICMP messages, as some of them are necessary for the proper behaviour of operating system TCP/IP stacks. This can be avoided with proper firewall settings, so it will not be a problem in a well-protected environment. |

Potential vulnerabilities

| Severity Level | Topic | Port / Service | Comment |
|---|---|---|---|
| 3 | OpenSSH Xauth Command Injection Vulnerability | port 22/tcp | SRM does not support the X11 GUI, so the system is not affected by this vulnerability. Synology is in contact with Qualys to clarify this warning. |
| 3 | Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | port 8001/tcp (Web server) | Although SRM still uses Apache 2.2.3, this vulnerability has been addressed with an individual fix. |

Scan Environment

  • Scan software: QualysGuard Vulnerability Management (VM)
  • SRM version: SRM 1.0 - 5778
  • Scan date: 2015/10/21
  • Preparation: The scan is based on the SRM that passed the verification of Business mode in Synology Security Advisor.
  • Scanner Version: 7.16.38-1
  • Vulnerability Signatures: 2.3.128-3
  • Package list:
    • Download Station
    • VPN Server
    • DNS Server
    • Radius Server
    • Media Server

Summary of vulnerabilities

Synology has listed a summary of the scan results below.

| Severity Level | Confirmed | Potential |
|---|---|---|
| 5 | 0 | 0 |
| 4 | 0 | 0 |
| 3 | 1 | 2 |
| 2 | 2 | 0 |
| 1 | 0 | 0 |
| Total | 3 | 2 |

According to the Qualys Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major SRM releases have been tested to ensure there are no vulnerabilities of these two levels. Levels 1, 2, and 3 are considered lower in severity; Synology's comments on each item are provided for risk management.

Vulnerabilities

| Severity Level | Topic | Port / Service | Comment |
|---|---|---|---|
| 3 | DNS Zone Transfer | port 53/tcp (DNS and BIND) | DNS zone transfer is an option that users can enable or disable themselves. |
| 2 | UDP Constant IP Identification Field Fingerprinting Vulnerability | TCP/IP | This vulnerability only exists in Linux kernel 2.4, but SRM has upgraded to Linux kernel 3.6 and above. We are waiting for Qualys' reply for further clarification. |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 8001/tcp over SSL (General remote services) | This warning will no longer appear once the system administrator installs a properly signed certificate that matches the server's FQDN. |

Potential vulnerabilities

| Severity Level | Topic | Port / Service | Comment |
|---|---|---|---|
| 3 | Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | port 8000/tcp (Web server) | Although SRM still uses Apache 2.2.3, this vulnerability has been addressed with an individual fix. |
| 3 | Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | port 8001/tcp (Web server) | (as above) |