PT-2022-6125 · Synology · Synology VPN Plus Server

Published: 2022-12-30 · Updated: 2025-09-26 · CVE-2022-43931

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Synology VPN Plus Server versions prior to 1.4.3-0534 and 1.4.4-0635

Description

An out-of-bounds write vulnerability in the Remote Desktop functionality of Synology VPN Plus Server allows remote attackers to execute arbitrary commands via unspecified vectors. The resulting memory corruption can lead to severe consequences such as data damage, system crashes, and code execution. The vulnerability can be used in low-complexity attacks that require neither privileges on the target routers nor user interaction.

Recommendations

For Synology VPN Plus Server versions prior to 1.4.3-0534, update to version 1.4.3-0534 or later. For Synology VPN Plus Server versions prior to 1.4.4-0635, update to version 1.4.4-0635 or later.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-00073
CVE-2022-43931

Affected Products

Synology VPN Plus Server