
Synology Fixes XSS, Command Injection Vulnerabilities in NAS Software

  • May 26, 2015

Jasper_The_Rasper
Moderator
By Eduard Kovacs on May 26, 2015
 
Taiwan-based network attached storage (NAS) company Synology has released software updates to address several vulnerabilities reported by Dutch security company Securify.
One of the flaws uncovered by researchers is a reflected cross-site scripting (XSS) bug in Synology DiskStation Manager (DSM), the operating system that runs on the company’s DiskStation and RackStation appliances.
“This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials if available, performing arbitrary actions on their behalf but also performing arbitrary redirects to potential malicious websites,” Securify wrote in its advisory.
 
 
Full Article