A critical zero-click remote code execution (RCE) vulnerability has been discovered in Synology's NAS devices, impacting millions of users worldwide. Dubbed "RISK:STATION" this flaw poses a significant threat to users of Synology's DiskStation and BeeStation devices, particularly those running Synology Photos or BeePhotos applications. Due to the zero-click nature of the vulnerability, no user interaction is required, making this flaw a highly concerning risk vector for ransomware, data theft, or malware injection. This article will explore the vulnerability in detail, including the affected products, its potential impact, and measures to mitigate or fix the flaw.

Product Overview

Synology is a Taiwanese company known for its network-attached storage (NAS) devices that serve both consumers and enterprises. Their BeeStation and DiskStation NAS products are popular among home users, small businesses, and enterprises for storage and cloud synchronization. These devices run a tailored operating system called DiskStation Manager (DSM), which offers functionalities like photo management, cloud backup, and more. The Synology Photos and BeePhotos apps, integral to managing photos, have recently been identified as vulnerable components in these NAS devices.

Summary of the Vulnerabilities

The RISK:STATION vulnerability was discovered during the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager at Midnight Blue. The flaw resides in the Synology Photos and BeePhotos components, which are responsible for photo management on Synology DiskStation and BeeStation NAS devices. These components contain code that can be exploited to achieve remote code execution at the root level without any user action, making them particularly susceptible to abuse by attackers. Attackers can use the flaw to gain unauthorized access, deploy ransomware, or exfiltrate sensitive information.

Impact of the Vulnerabilities

The RISK:STATION vulnerability impacts millions of NAS devices, as the Synology Photos and BeePhotos components are either pre-installed or commonly used by NAS owners. The flaw allows attackers to exploit the vulnerable code to gain complete control over affected NAS devices. Devices exposed to the internet via port forwarding or Synology's QuickConnect feature are especially at risk, as they are readily accessible without authentication. Midnight Blue's research indicates that between one and two million devices are currently affected and potentially exposed to attacks. The vulnerability, given its unauthenticated zero-click nature, provides attackers with an easy means to compromise devices remotely and covertly.

Products Affected by the Vulnerabilities

The following Synology products are affected by the RISK vulnerability:

No mitigations are available for older versions other than upgrading to the patched versions. Users are strongly advised to apply these patches immediately.

How to Check If Your Product Is Vulnerable

To determine whether your Synology NAS device is vulnerable to RISK, ensure that you are not running the affected versions of Synology Photos or BeePhotos. You can verify the version of the installed app by navigating to the DSM Control Panel > Package Center > Installed Packages. Compare the version with the patched releases listed above. If you are running an affected version, proceed with updating immediately.

Devices configured to allow remote access via Synology’s QuickConnect or port forwarding are at greater risk. Use services like Shodan or Censys to check if your NAS is exposed to the internet, and disable QuickConnect if unnecessary.

How to Fix the Vulnerabilities

To fix the RISK vulnerability, follow these steps:

We hope this post helps you learn about the details of the RISK vulnerabilities in Synology NAS devices, including their technical details, potential impact, affected models, and most importantly, how to protect your Synology NAS from these vulnerabilities. Stay secure, stay updated, and continue to prioritize the safety of your network and data. Thank you for reading this post. Please share this article to help secure the digital world. Visit our website thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive updates like this.

You may also like these articles: