
Synology DSM Vulnerability Allows Remote Command Execution by Attackers

Synology has released an urgent security update to address a critical vulnerability in its DiskStation Manager (DSM) software that could allow unauthenticated remote attackers to execute arbitrary commands on affected NAS devices.

The flaw, tracked as CVE-2026-32746, has been assigned a CVSS v3 score of 9.8, indicating a severe risk to both enterprise and home users relying on Synology storage systems.

Vulnerability Details

The issue originates in the telnetd service of the GNU Inetutils package, affecting versions up to 2.7. It is classified as a classic buffer overflow vulnerability (CWE-120), specifically located in the LINEMODE SLC (Set Local Characters) suboption handler.

The root cause lies in the add_slc function, which fails to properly check buffer boundaries before writing data.

This improper validation leads to an out-of-bounds write condition. An attacker can exploit this memory corruption flaw by sending specially crafted Telnet requests, ultimately forcing the system to execute arbitrary commands.

Since the attack does not require authentication, it significantly increases the exploitation risk, especially for Internet-exposed NAS devices.

The impact of this vulnerability is particularly serious because NAS systems often store critical business data, backups, and sensitive personal files. Successful exploitation could allow attackers to:

  • Deploy ransomware targeting stored backups
  • Exfiltrate sensitive data from shared storage
  • Establish persistence within the network
  • Use the compromised NAS as a pivot point for lateral movement

Given the role of NAS devices in centralized storage environments, a single compromise could lead to widespread network exposure.

Synology confirmed that multiple DSM versions are vulnerable. The following versions require immediate updates:

  • DSM 7.3: Upgrade to 7.3.2-86009-3 or later
  • DSM 7.2.2: Upgrade to 7.2.2-72806-8 or later
  • DSM 7.2.1: Upgrade to 7.2.1-69057-11 or later
  • DSMUC 3.1: Patch is still under development

Notably, BeeStation OS 1.4, Synology Router Manager (SRM) 1.3, and VS600HD 1.2 are not affected by this vulnerability.

Synology strongly advises administrators to apply the latest firmware updates immediately to mitigate the risk.

For systems where patches are not yet available, a temporary workaround is recommended: disable the Telnet service.

To disable Telnet:

  1. Log in to the Synology NAS interface
  2. Open Control Panel
  3. Navigate to Terminal settings
  4. Uncheck “Enable Telnet service”
  5. Click Apply

Disabling Telnet removes the vulnerable attack surface entirely. In modern environments, Telnet should not be used due to its lack of encryption.

Secure alternatives such as SSH are strongly recommended for remote access.
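The fixed-version list and the Telnet workaround above can be combined into a single inventory triage. The following is an added example, not code from Synology or from this article: the function names, the `major.minor[.micro]-build[-update]` parsing and the sample inventory are assumptions, and DSMUC 3.1 is left out because the article gives no fixed build for it.

```python
import re
import socket

# Fixed releases as listed in the article, keyed by DSM branch.
FIXED = {
    "7.3": (7, 3, 2, 86009, 3),
    "7.2.2": (7, 2, 2, 72806, 8),
    "7.2.1": (7, 2, 1, 69057, 11),
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?-(\d+)(?:-(\d+))?$")

def parse_dsm_version(text):
    """'7.2.2-72806-8' -> (7, 2, 2, 72806, 8); absent parts become 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised DSM version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def patch_status(text):
    """Return 'patched', 'vulnerable', or 'not-listed' (branch not in the article)."""
    v = parse_dsm_version(text)
    for branch, fixed in FIXED.items():
        prefix = tuple(int(p) for p in branch.split("."))
        if v[:len(prefix)] == prefix:
            return "patched" if v >= fixed else "vulnerable"
    return "not-listed"

def telnet_reachable(host, port=23, timeout=2.0):
    """True if a TCP connection to the Telnet port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(inventory, probe=telnet_reachable):
    """Map each (host, dsm_version) pair to the action the article calls for."""
    actions = {}
    for host, version in inventory:
        status, exposed = patch_status(version), probe(host)
        if status == "vulnerable":
            actions[host] = "disable Telnet now, then update" if exposed else "update"
        elif exposed:
            actions[host] = "disable Telnet"
        elif status == "not-listed":
            actions[host] = "check vendor advisory"
        else:
            actions[host] = "ok"
    return actions

# Constructed sample data (documentation addresses, not real devices).
SAMPLE = [("192.0.2.10", "7.2.2-72806-5"), ("192.0.2.11", "7.3.2-86009-3"),
          ("192.0.2.12", "7.2.1-69057-11"), ("192.0.2.13", "7.1.1-42962-6")]
SAMPLE_TELNET_OPEN = {"192.0.2.10", "192.0.2.12"}

if __name__ == "__main__":
    # Stubbed probe so the demo runs offline; omit it to probe your own hosts.
    for host, action in triage(SAMPLE, lambda h: h in SAMPLE_TELNET_OPEN).items():
        print(host, action)
```

Re-running the triage after the Control Panel change confirms that port 23 no longer answers on each device.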

This vulnerability highlights the ongoing risks associated with legacy protocols and outdated service components in modern infrastructure.

Even widely used enterprise products can become vulnerable when older network services remain enabled.

Organizations should regularly audit exposed services, disable unnecessary protocols, and prioritize timely patch management.

Proactive hardening, combined with continuous monitoring, remains essential to defending against increasingly sophisticated remote attacks targeting storage infrastructure.


The post Synology DSM Vulnerability Allows Remote Command Execution by Attackers appeared first on Cyber Security News.
