Synology-SA-21:01 DNSpooq

Publish Time: 2021-01-20 10:22:07 UTC+8

Last Updated: 2021-01-20 10:22:07 UTC+8

Severity
Moderate
Status
Ongoing

Abstract

CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686 allow remote attackers to conduct spoofing attacks via a susceptible version of DiskStation Manager (DSM) and Synology Router Manager (SRM).

None of Synology's products are affected by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 and CVE-2020-25687 as these vulnerabilities only affect when DNSSEC is compiled.

Affected Products

Product Severity Fixed Release Availability
DSM 6.2 Moderate Ongoing
DSM UC 3.0 Not affected N/A
SkyNAS Not affected N/A
VS960HD Not affected N/A
SRM 1.2 Moderate Upgrade to 1.2.4-8081-2 or above.

Mitigation

None

Detail

Reserved

Reference

Revision

Revision Date Description
1 2021-01-20 Initial public release.