Synology-SA-21:01 DNSpooq
Publish Time: 2021-01-20 10:22:07 UTC+8
Last Updated: 2021-01-20 10:22:07 UTC+8
- Severity
- Moderate
- Status
- Ongoing
Abstract
CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686 allow remote attackers to conduct spoofing attacks via a susceptible version of DiskStation Manager (DSM) and Synology Router Manager (SRM).
None of Synology's products are affected by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 and CVE-2020-25687 as these vulnerabilities only affect when DNSSEC is compiled.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 6.2 | Moderate | Ongoing |
| DSM UC 3.0 | Not affected | N/A |
| SkyNAS | Not affected | N/A |
| VS960HD | Not affected | N/A |
| SRM 1.2 | Moderate | Upgrade to 1.2.4-8081-2 or above. |
Mitigation
None
Detail
Reserved
Reference
- VU#434904
- ICS Advisory (ICSA-21-019-01)
- DNSpooq
- CVE-2020-25681
- CVE-2020-25682
- CVE-2020-25683
- CVE-2020-25684
- CVE-2020-25685
- CVE-2020-25686
- CVE-2020-25687
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2021-01-20 | Initial public release. |