A critical zero-click remote code execution (RCE) vulnerability has been discovered in Synology's NAS devices, impacting millions of users worldwide. Dubbed "RISK:STATION" this flaw poses a significant threat to users of Synology's DiskStation and BeeStation devices, particularly those running Synology Photos or BeePhotos applications. Due to the zero-click nature of the vulnerability, no user interaction is required, making this flaw a highly concerning risk vector for ransomware, data theft, or malware injection. This article will explore the vulnerability in detail, including the affected products, its potential impact, and measures to mitigate or fix the flaw.
Synology is a Taiwanese company known for its network-attached storage (NAS) devices that serve both consumers and enterprises. Their BeeStation and DiskStation NAS products are popular among home users, small businesses, and enterprises for storage and cloud synchronization. These devices run a tailored operating system called DiskStation Manager (DSM), which offers functionalities like photo management, cloud backup, and more. The Synology Photos and BeePhotos apps, integral to managing photos, have recently been identified as vulnerable components in these NAS devices.
CVE ID: CVE-2024-10443 (RISK:STATION)
Description: Unauthenticated zero-click remote code execution vulnerability in Synology Photos and BeePhotos applications
CVSS Score: Critical (Exact score pending)
CVSS Vector: Pending official release at the time of publish this article.
The RISK:STATION vulnerability was discovered during the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager at Midnight Blue. The flaw resides in the Synology Photos and BeePhotos components, which are responsible for photo management on Synology DiskStation and BeeStation NAS devices. These components contain code that can be exploited to achieve remote code execution at the root level without any user action, making them particularly susceptible to abuse by attackers. Attackers can use the flaw to gain unauthorized access, deploy ransomware, or exfiltrate sensitive information.
The RISK:STATION vulnerability impacts millions of NAS devices, as the Synology Photos and BeePhotos components are either pre-installed or commonly used by NAS owners. The flaw allows attackers to exploit the vulnerable code to gain complete control over affected NAS devices. Devices exposed to the internet via port forwarding or Synology's QuickConnect feature are especially at risk, as they are readily accessible without authentication. Midnight Blue's research indicates that between one and two million devices are currently affected and potentially exposed to attacks. The vulnerability, given its unauthenticated zero-click nature, provides attackers with an easy means to compromise devices remotely and covertly.
The following Synology products are affected by the RISK vulnerability:
Product
|
Version
|
Fixed Release
|
---|---|---|
BeePhotos for BeeStation OS
|
1.0 and 1.1
|
Upgrade to 1.0.2-10026 or 1.1.0-10053
|
Synology Photos for DSM 7.2
|
1.6 and 1.7
|
Upgrade to 1.6.2-0720 or 1.7.0-0795
|
No mitigations are available for older versions other than upgrading to the patched versions. Users are strongly advised to apply these patches immediately.
To determine whether your Synology NAS device is vulnerable to RISK, ensure that you are not running the affected versions of Synology Photos or BeePhotos. You can verify the version of the installed app by navigating to the DSM Control Panel > Package Center > Installed Packages. Compare the version with the patched releases listed above. If you are running an affected version, proceed with updating immediately.
Devices configured to allow remote access via Synology’s QuickConnect or port forwarding are at greater risk. Use services like Shodan or Censys to check if your NAS is exposed to the internet, and disable QuickConnect if unnecessary.
To fix the RISK vulnerability, follow these steps:
Apply the Patch: Update Synology Photos and BeePhotos to the patched versions. Visit the DSM Package Center and install the latest updates for Synology Photos (1.7.0-0795 or 1.6.2-0720) and BeePhotos (1.1.0-10053 or 1.0.2-10026).
Disable Vulnerable Services: If patching is not immediately possible, you can mitigate the risk by disabling the Synology Photos or BeePhotos application through the DSM Control Panel. This will prevent exploitation of the vulnerable code.
Restrict Network Exposure: Disable port forwarding to your NAS and block ports 5000 and 5001 on your router. Additionally, disable QuickConnect to prevent unauthorized internet access.
Network Segmentation: Ensure your NAS is isolated from the wider network to minimize potential impact in case of compromise. Use VLANs or firewalls to segregate critical infrastructure.
Monitor and Respond: Regularly monitor your network for unusual activity. Employ intrusion detection and prevention systems (IDS/IPS) to detect any attempts to exploit this vulnerability.
We hope this post helps you learn about the details of the RISK vulnerabilities in Synology NAS devices, including their technical details, potential impact, affected models, and most importantly, how to protect your Synology NAS from these vulnerabilities. Stay secure, stay updated, and continue to prioritize the safety of your network and data. Thank you for reading this post. Please share this article to help secure the digital world. Visit our website thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive updates like this.
You may also like these articles:
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”
"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.
BurpGPT is a cutting-edge Burp Suite extension that harnesses the power of OpenAI's language models to revolutionize web application security testing. With customizable prompts and advanced AI capabilities, BurpGPT enables security professionals to uncover bespoke vulnerabilities, streamline assessments, and stay ahead of evolving threats.
PentestGPT, developed by Gelei Deng and team, revolutionizes penetration testing by harnessing AI power. Leveraging OpenAI's GPT-4, it automates and streamlines the process, making it efficient and accessible. With advanced features and interactive guidance, PentestGPT empowers testers to identify vulnerabilities effectively, representing a significant leap in cybersecurity.
Tenable BurpGPT is a powerful Burp Suite extension that leverages OpenAI's advanced language models to analyze HTTP traffic and identify potential security risks. By automating vulnerability detection and providing AI-generated insights, BurpGPT dramatically reduces manual testing efforts for security researchers, developers, and pentesters.
Microsoft Security Copilot is a revolutionary AI-powered security solution that empowers cybersecurity professionals to identify and address potential breaches effectively. By harnessing advanced technologies like OpenAI's GPT-4 and Microsoft's extensive threat intelligence, Security Copilot streamlines threat detection and response, enabling defenders to operate at machine speed and scale.