Synology CVE - Update ASAP for PWN2OWN 2024 vulnerabilities

Update Synology DSM and packages ASAP

After PWN2OWN 2024, multiple CVEs were discovered and have since been patched. These CVEs are listed here.

What do you need to do:

Especially if your NAS is exposed to the internet (QuickConnect / port forwarding), you need to update DSM and the following packages ASAP:

  • Photos
  • Synology Drive
  • Replication service

You will want to check the version you are running by looking in Package Center for these 3 apps, then compare it against the affected versions and the patched release. This is it for Synology Photos:

All of the patches are linked here

If you do not see the updates available and are running an affected version, you will need to update manually. I show this in the second half of the video, but you just need to go here, put in your specific NAS version, download the patched version, and apply it manually.

Video going over it:

What if you want to keep Video Station / H265:

If you are currently on DSM 7.2.1 or 7.1 and do not want to update, there are package versions and DSM patches for each of these right now. I cover how to do it in the second half of the video, but if you go into downloads
