Critical Flaw in Synology DSM Risks Remote Exploitation

Synology has issued an urgent security alert regarding a serious vulnerability in DiskStation Manager (DSM) that could allow remote attackers to execute unauthorized commands.

Vulnerability Details

This flaw, identified as CVE-2026-32746, is particularly concerning due to its high CVSSv3 base score of 9.8, classifying it as critical. The vulnerability originates in the telnetd daemon of the GNU Inetutils package, affecting versions up to 2.7, and is a classic buffer overflow (CWE-120).

The problem arises during an active network session when the LINEMODE SLC (Set Local Characters) suboption mishandles inputs due to inadequate buffer checks by the add_slc function. Such oversight can lead to out-of-bounds writes, enabling attackers to bypass authentication and execute commands maliciously.

Implications for NAS Systems

Synology NAS devices are prime targets for ransomware and data theft, given their role in storing sensitive information and critical backups. Remote command-execution vulnerabilities pose significant risks, potentially leading to ransomware deployment, data theft, and establishing persistent access before detection.

Synology has acknowledged the critical impact on multiple DSM and DSMUC versions. Firmware updates are available for DSM 7.3, which should be upgraded to version 7.3.2-86009-3 or newer. Users of DSM 7.2.2 and DSM 7.2.1 must update to versions 7.2.2-72806-8 and 7.2.1-69057-11, respectively. A patch for DSMUC 3.1 is still under development.

Mitigation and Best Practices

To mitigate the risk, Synology advises disabling the Telnet service, which is susceptible to exploitation. Administrators should navigate to the Control Panel, access Terminal settings, uncheck ‘Enable Telnet service,’ and click Apply. This aligns with modern cybersecurity practices, as Telnet transmits data in plaintext and is considered obsolete.

While other enterprise products like BeeStation OS 1.4, SRM 1.3, and VS600HD 1.2 are unaffected, vigilance is essential. For systems awaiting patches, immediate temporary mitigation by disabling Telnet is crucial to securing NAS devices from potential threats.

Stay informed with the latest cybersecurity news by following us on Google News, LinkedIn, and X. For further information or to share your stories, contact us today.