Published on: 06 November 2024
Synology has published security advisories to address multiple vulnerabilities in Synology products. The list of patches can be found at:
https://www.synology.com/en-us/security/advisory/Synology_SA_24_18
https://www.synology.com/en-us/security/advisory/Synology_SA_24_19
https://www.synology.com/zh-hk/security/advisory/Synology_SA_24_20
https://www.synology.com/zh-hk/security/advisory/Synology_SA_24_21
https://www.synology.com/zh-hk/security/advisory/Synology_SA_24_22
https://www.synology.com/zh-hk/security/advisory/Synology_SA_24_23
For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.
Successful exploitation of the vulnerabilities could lead to remote code execution, elevation of privilege, information disclosure or tampering on an affected system.
System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
Patches for some affected systems are not yet available for download and are scheduled to be released within November 2024. Affected users should keep abreast of the Synology website for the availability of patches, and apply the patches when available.
As a security best practice, system administrators and users are also advised to disable the unnecessary Internet access to the administration interface and user portal of Synology devices.