Synology has issued an urgent security update to address a critical vulnerability in its DiskStation Manager (DSM) software that could allow unauthenticated remote attackers to execute arbitrary commands on affected NAS devices. The flaw, tracked as CVE-2026-32746, carries a CVSS v3 score of 9.8, signaling a severe cybersecurity risk for both enterprise environments and individual users relying on network-attached storage systems.
The vulnerability exists in the telnetd service of the GNU Inetutils package and affects versions up to 2.7. The bug, classified as a buffer overflow (CWE-120), is located in the LINEMODE SLC (Set Local Characters) suboption handler. Specifically, the add_slc function fails to properly validate buffer boundaries, leading to an out-of-bounds write condition that attackers can exploit using specially crafted Telnet requests.
Because the exploit does not require authentication, it significantly increases the threat level, particularly for NAS devices exposed to the internet. Successful exploitation could allow attackers to execute arbitrary commands, deploy ransomware targeting stored backups, exfiltrate sensitive data, establish persistence within compromised systems, and use the NAS device as a pivot point for lateral movement across networks.
Given that NAS systems often store critical business data, confidential files, and backup repositories, this vulnerability poses a substantial risk to data integrity and operational continuity. A single compromised device could expose entire network infrastructures, especially in environments with interconnected storage and shared access systems.
Synology has confirmed that multiple DSM versions are affected and has released patches to mitigate the risk. Users are strongly advised to upgrade to the latest versions immediately. DSM 7.3 should be updated to version 7.3.2-86009-3 or later, DSM 7.2.2 to 7.2.2-72806-8 or later, and DSM 7.2.1 to 7.2.1-69057-11 or later. A patch for DSMUC 3.1 is currently under development. Other systems, including BeeStation OS 1.4, Synology Router Manager (SRM) 1.3, and VS600HD 1.2, are not impacted.
For systems where updates cannot be applied immediately, Synology recommends disabling the Telnet service as a temporary mitigation. Administrators can do this by accessing the NAS control panel, navigating to terminal settings, and unchecking the Telnet service option. Disabling Telnet eliminates the vulnerable attack surface, while secure alternatives such as SSH should be used for remote access.
This incident underscores the ongoing cybersecurity risks associated with legacy protocols and outdated service components in modern IT environments. Even widely deployed enterprise technologies remain vulnerable when insecure services are left enabled.
Organizations are encouraged to adopt proactive security practices, including regular system audits, disabling unnecessary network services, implementing timely patch management, and maintaining continuous monitoring. As cyber threats grow more sophisticated, strengthening infrastructure security and minimizing exposure points remain essential for protecting critical data assets.
Recommended Cyber News :
- HiddenLayer Launches Advanced Security for Agentic AI Systems
- Cisco Firewall Flaw Enables Root-Level Remote Code Execution
- Microsoft Plans to Disable WDS Hands-Free Deployment After Critical RCE Flaw
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
