To help us provide you with free impartial advice, we may earn a commission if you buy through links on our site. Learn more

Synology releases urgent DSM security update for DiskStation and RackStation NAS devices

Synology NAS

Security vulnerabilities identified and remediated in latest operating system update

Synology has announced the discovery of security issues in the DiskStation Manager operating system which runs its RackStation and DiskStation NAS devices. The security issues render affected versions of the operating system vulnerable to attacks that allow an unauthorised user to run commands with root privileges and to read, write and delete files on the NAS.

All Synology users are strongly advised to access their NAS, open the Control Panel, go to the DSM Update page and update to the latest version of the operating system.

Symptoms of a compromised NAS include the following:

  • Exceptionally high CPU usage detected in Resource Monitor: CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names
  • Appearance of non-Synology folder: An automatically created shared folder with the name “startup”, or a non-Synology folder appearing under the path of “/root/PWNED”

    Redirection of the Web Station: “Index.php” is redirected to an unexpected page

    Appearance of non-Synology CGI program: Files with meaningless names exist under the path of “/usr/syno/synoman”

    Appearance of non-Synology script file: Non-Synology script files, such as “S99p.sh”, appear under the path of “/usr/syno/etc/rc.d”

    If you identify any of the above issues, Synology advises that you download the latest version of the DSM from the Synology Download Center and install it on your NAS by running the Synology Assistant application for Windows, Mac OS X or Linux.

    Devices running DSM 4.0 should be installed with DSM 4.0-2259 or later.

    Devices running DSM 4.1 or 4.2 should be upgraded to DSM 4.2-3243 or later.

    Devices running DSM 4.3 should be updated to DSM 4.3-3827.

    Read more

    News