CVE-2015-2809

Name of the Vulnerable Software and Affected Versions Synology DiskStation Manager (DSM) versions prior to 3.1

Description The issue allows remote attackers to cause a denial of service or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. This is due to the Multicast DNS (mDNS) responder inadvertently responding to unicast queries with source addresses that are not link-local.

Recommendations For versions prior to 3.1, update to version 3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to port 5353 to minimize the risk of exploitation.