CVE-2022-45188 - QuickConnect Vulnerability - patch now!

Hello fellow Synology admins,

I recently stumbled upon this advisory by Synology for their vulnerability CVE-2022-45188 that is considered an RCE (remote-code-exploitation) that leverages a bug in Synology’s QuickConnect feature.
Luckily for us, according to Synology’s website [1], this bug has already been fixed in the latest Synology patch.
If you haven’t applied it yet, I highly recommend that you apply it asap.

In case you’re curious and want to know more about this set of vulnerabilities, I recommend as further reading the report [2] by the company Claroty, who have disclosed these vulnerabilities and have reported them to Synology.

cheers,
Theresa

[1] - Synology’s advisory - https://www.synology.com/en-global/security/advisory/Synology_SA_22_23
[2] - Claroty’s documentation on the vulnerability - Exploiting Cloud Connectivity to PWN your NAS: Synology DS920 | Claroty

2 Likes

Thank you for the heads up.

1 Like

Just saw this as I was out on vacation! Pinning to the top of the forums for a bit! Thanks @hellslide!

1 Like

Do you think it would be worth mentioning on your channel, in case folks don’t read it here?