Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
An off-by-one error (CWE-193) involves incorrect calculation of a buffer boundary or counter by one element — in this case in the component responsible for data transmission. An attacker can remotely, without any authentication and user interaction, exploit this flaw through unspecified attack vectors, leading to arbitrary code execution. Due to the changed scope (S:C in the CVSS vector), the impact may extend beyond the directly attacked component and affect a broader system context.
An attacker can execute arbitrary code on a vulnerable device without authentication, potentially leading to complete system takeover and the ability to further spread the attack throughout the infrastructure.
Synology Replication Service must be immediately updated to version 1.0.12-0066, 1.2.2-0353 or 1.3.0-0423 (depending on the used branch) and Synology Unified Controller (DSMUC) to version 3.1.4-23079 or later. Details are available in the vendor's advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_24_22
Synology Replication Service in versions before 1.0.12-0066, before 1.2.2-0353 and before 1.3.0-0423; Synology Unified Controller (DSMUC) in versions before 3.1.4-23079
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HSyncology Replication Service
APPSyncology< 1.3.0-0423Synology Diskstation Manager
OSSynology6.27.17.2Synology Diskstation Manager Unified Controller
APPSynology3.1Synology Replication Service
APPSynology< 1.2.2-0353≤ 1.0.12-0066Synology Unified Controller
APPSynology< 3.1.4-23079
Related vulnerabilities
CSRF umożliwiający RCE w Synology DiskStation Manager i Unified Controller
RCE w Synology BeeStation OS i DSM — błąd kodowania wyjścia w systemowym daemonie
OS Command Injection w Synology BeePhotos i Synology Photos — RCE bez uwierzytelnienia
Brak autoryzacji w Synology Surveillance Station — zapis konfiguracji i restart NAS
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in ...