Synology Vulnerability - Remote Attackers Can Execute Commands
Basically, a flaw in Synology's software lets hackers run commands on your device without permission.
A severe vulnerability in Synology's DiskStation Manager allows remote attackers to execute arbitrary commands. This affects many NAS systems used for enterprise data management. Immediate patching is crucial to protect sensitive data from unauthorized access.
The Flaw
A critical security advisory has been issued regarding a severe vulnerability in Synology's DiskStation Manager (DSM). This flaw, tracked as CVE-2026-32746, allows unauthenticated remote attackers to execute arbitrary commands on affected systems. The vulnerability has a near-maximum CVSSv3 base score of 9.8, categorizing it as a critical threat. The root cause lies within the telnetd daemon of the GNU Inetutils package, specifically affecting versions up to 2.7. This issue is classified as a classic buffer overflow (CWE-120).
During an active network session, the LINEMODE SLC (Set Local Characters) suboption handler improperly processes inputs. This happens because the add_slc function fails to check if the buffer is full. As a result, this oversight leads to a dangerous out-of-bounds write, allowing attackers to bypass authentication and execute malicious commands directly on the host system.
What's at Risk
NAS devices like Synology's are prime targets for cybercriminals, especially ransomware operators and data extortion groups. These systems often store sensitive corporate data and critical backups. An unauthenticated compromise could enable attackers to deploy ransomware, exfiltrate confidential files, or establish persistent backdoors before security teams can react. The potential for widespread damage is significant, making this vulnerability a serious concern for organizations relying on Synology devices for data management.
Patch Status
Synology has confirmed that multiple versions of DSM and DSMUC are critically impacted by this vulnerability. Administrators running DSM 7.3 must upgrade to version 7.3.2-86009-3 or newer. For those using DSM 7.2.2, the upgrade to version 7.2.2-72806-8 or later is necessary. Systems on DSM 7.2.1 need to upgrade to 7.2.1-69057-11 or above. Synology is actively developing a critical security patch for DSMUC 3.1. Meanwhile, other enterprise products, such as BeeStation OS 1.4, SRM 1.3, and VS600HD 1.2, are unaffected by this specific vulnerability.
Immediate Actions
For administrators managing systems pending a patch, Synology recommends applying immediate temporary mitigations. Since the vulnerability specifically requires access to the Telnet protocol, turning off the Telnet service can neutralize the risk of remote exploitation. To secure devices, navigate to the Control Panel, access Terminal settings, uncheck the “Enable Telnet service” option, and click Apply. Disabling Telnet aligns with modern cybersecurity best practices, as it transmits data in plaintext and is considered outdated.