Synology BeeStation OS and DiskStation Manager Improper Output Encoding Vulnerability Allowing Remote Code Execution

Vulnerability

A critical vulnerability has been identified in Synology BeeStation OS (BSM) versions prior to 1.1-65374 and in Synology DiskStation Manager (DSM) versions prior to 7.2-64570-4, 7.2.1-69057-6, and 7.2.2-72806-1. This vulnerability arises from improper encoding or escaping of output in the system plugin daemon, which allows remote attackers to execute arbitrary code via unspecified vectors.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Remediation

Users are advised to upgrade to Synology BeeStation OS version 1.1-65374 or above. For Synology DiskStation Manager, upgrade to version 7.2.2-72806-1, 7.2.1-69057-6, 7.2-64570-4, or 7.1.1-42962-7.
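
The following check is an added example, not part of the original advisory or Synology's own tooling: it compares installed version strings, written in the same branch-build-update form used above, against the fixed releases listed in this Remediation section. The host names and installed versions in INVENTORY are constructed sample data, and the status labels are this example's own.

```python
import re

# Fixed releases exactly as listed in the Remediation section above.
# 7.1.1 appears only in Remediation, not in the affected-version list.
FIXED = {
    "BSM": {"1.1": (65374, 0)},
    "DSM": {
        "7.1.1": (42962, 7),
        "7.2": (64570, 4),
        "7.2.1": (69057, 6),
        "7.2.2": (72806, 1),
    },
}

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+){1,2})-(\d+)(?:-(\d+))?$")

def parse_version(text):
    """Split '7.2.1-69057-6' into ('7.2.1', (69057, 6)); a missing update number is 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    branch, build, update = m.groups()
    return branch, (int(build), int(update or 0))

def patch_status(product, version):
    """Return 'patched', 'needs-update' or 'review' for one installed version."""
    branch, level = parse_version(version)
    fixed = FIXED.get(product.upper(), {}).get(branch)
    if fixed is None:
        # Branch not named in the advisory: do not guess, flag for manual review.
        return "review"
    # Compare (build, update) only within the same release branch.
    return "patched" if level >= fixed else "needs-update"

def audit(inventory):
    """Map each host to its status."""
    return {host: patch_status(product, ver) for host, product, ver in inventory}

# Constructed sample inventory (hypothetical hosts and installed versions).
INVENTORY = [
    ("nas-01", "DSM", "7.2.1-69057-6"),
    ("nas-02", "DSM", "7.2.1-69057-5"),
    ("nas-03", "DSM", "7.2-64570"),
    ("nas-04", "DSM", "6.2.4-25556-7"),
    ("bee-01", "BSM", "1.1-65373"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Versions on a branch the advisory does not name are reported as 'review' rather than assumed safe or affected.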

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 10.0
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.