Customers of Taiwan-based Synology, a provider of networking and storage solutions, have been alerted about the availability of patches for a number of serious issues, including ones that were probably recently exploited at the Pwn2Own hacking competition. A remote desktop feature of VPN Plus Server has an out-of-bounds write vulnerability that is identified as CVE-2022-43931.
In late December, the corporation released two further critical advisories. One of them discusses a vulnerability affecting Synology VPN Plus Server, which transforms routers into cutting-edge VPN servers, that was found internally. A remote attacker may be able to issue any commands they want to.