Synology DiskStation Manager Security Misconfiguration Scanner
This scanner detects a security misconfiguration in Synology DiskStation Manager: the SYNO.API.Info endpoint of a DSM host discloses its web API catalogue to unauthenticated clients.
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 3 weeks 6 hours
Scan only one: URL
The Synology DiskStation Manager (DSM) is a specialized operating system developed by Synology for use on their NAS devices. It is widely utilized in both personal and business environments, offering a range of features for network storage and media services. Individuals and organizations across various sectors use DSM to manage data efficiently and securely. Its intuitive interface and robust functionality make it a go-to solution for centralizing data and facilitating seamless data sharing across devices. Synology's DSM strengthens IT infrastructure by providing reliable storage solutions adaptable to different scales and requirements.
The finding reported by this scanner is a security misconfiguration in Synology DiskStation Manager: the SYNO.API.Info endpoint answers requests without authentication and returns the catalogue of web APIs the system exposes, with each API's name, supported version range and CGI path. Because the APIs of optional packages only appear in this catalogue when the package is installed, the response also reveals which packages are present. DSM's own web client calls this endpoint before login to discover API paths, so the disclosure exists by default rather than being switched on by an administrator; it becomes a misconfiguration when the DSM management interface is reachable from untrusted networks, most often because it has been exposed directly to the Internet. Keeping the management interface restricted to trusted networks is the control that mitigates the issue.
The scanner sends an unauthenticated GET request to '/webapi/entry.cgi?api=SYNO.API.Info&version=1&method=query&query=all'. The target is reported as vulnerable when the response has HTTP status 200, a Content-Type of application/json, and a body containing the strings "SYNO.Core.", "SYNO.FileStation." and "SYNO.DSM.", which are all present in the JSON API catalogue a DSM host returns for this query.
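The following script is an added example, not the scanner's own code. It implements the request and the three match conditions above, then parses the returned JSON catalogue to list the disclosed APIs and group them by namespace. The response layout it parses, {"data": {"<api>": {"maxVersion", "minVersion", "path"}}, "success": true}, is the format DSM uses for SYNO.API.Info; the embedded SAMPLE_BODY is a constructed response for offline use (real DSM API names, made-up version numbers), and the host name in the usage comment is a placeholder.

```python
"""Unauthenticated SYNO.API.Info disclosure check (added example, not the scanner's code)."""
import json
import urllib.error
import urllib.request
from typing import Dict, Tuple

API_INFO_PATH = "/webapi/entry.cgi?api=SYNO.API.Info&version=1&method=query&query=all"
MARKERS = ("SYNO.Core.", "SYNO.FileStation.", "SYNO.DSM.")


def is_disclosing(status: int, content_type: str, body: str) -> bool:
    """Apply the scanner's match rules; all three must hold."""
    if status != 200:
        return False
    if "application/json" not in content_type.lower():
        return False
    return all(marker in body for marker in MARKERS)


def summarize_apis(body: str) -> Dict[str, int]:
    """Return {api_name: maxVersion} from a SYNO.API.Info response.

    Returns {} for non-JSON bodies, error responses ("success": false) or
    bodies without a "data" object, so callers can treat {} as "nothing disclosed".
    """
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return {}
    if not isinstance(doc, dict) or not doc.get("success"):
        return {}
    data = doc.get("data")
    if not isinstance(data, dict):
        return {}
    return {
        name: int(entry.get("maxVersion", 0))
        for name, entry in data.items()
        if isinstance(entry, dict)
    }


def packages_hinted(apis: Dict[str, int]) -> Dict[str, int]:
    """Count disclosed APIs per namespace (the second name component: Core, FileStation, DSM, ...).

    Namespaces that belong to optional packages only show up when the package is installed,
    so this grouping is the quickest view of what the host is running.
    """
    counts: Dict[str, int] = {}
    for name in apis:
        parts = name.split(".")
        if len(parts) >= 3 and parts[0] == "SYNO":
            counts[parts[1]] = counts.get(parts[1], 0) + 1
    return counts


def fetch(base_url: str, timeout: float = 10.0) -> Tuple[int, str, str]:
    """Send the unauthenticated GET and return (status, content_type, body)."""
    req = urllib.request.Request(base_url.rstrip("/") + API_INFO_PATH,
                                 headers={"User-Agent": "dsm-api-info-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # A 4xx/5xx still carries headers and a body; keep them so the caller sees why it failed.
        return err.code, err.headers.get("Content-Type", ""), err.read().decode("utf-8", "replace")


def check_host(base_url: str) -> Tuple[bool, Dict[str, int]]:
    """(True, disclosed API map) when the host matches the scanner's rules, else (False, {})."""
    status, content_type, body = fetch(base_url)
    if not is_disclosing(status, content_type, body):
        return False, {}
    return True, summarize_apis(body)


# Constructed sample response for offline use: real DSM API names, made-up version numbers.
SAMPLE_BODY = json.dumps({
    "data": {
        "SYNO.API.Auth": {"maxVersion": 7, "minVersion": 1, "path": "entry.cgi"},
        "SYNO.Core.System": {"maxVersion": 3, "minVersion": 1, "path": "entry.cgi"},
        "SYNO.FileStation.List": {"maxVersion": 2, "minVersion": 1, "path": "entry.cgi"},
        "SYNO.DSM.Info": {"maxVersion": 2, "minVersion": 1, "path": "entry.cgi"},
    },
    "success": True,
})

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # e.g. python dsm_api_info.py https://nas.example.com:5001  (placeholder host)
        vulnerable, apis = check_host(sys.argv[1])
    else:
        vulnerable = is_disclosing(200, "application/json", SAMPLE_BODY)
        apis = summarize_apis(SAMPLE_BODY) if vulnerable else {}
    print("disclosing:", vulnerable)
    for name, version in sorted(apis.items()):
        print(f"  {name} (maxVersion {version})")
    print("namespaces:", packages_hinted(apis))
```

Run it without arguments to see the matching and parsing on the constructed sample, or with a base URL to test a host you are authorised to scan. A response with status 200 but a body such as {"success": false, "error": {...}} is correctly not reported, because the marker strings are absent.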
An attacker who retrieves this catalogue learns the full DSM API surface, the version range each API supports and, indirectly, which packages are installed. That is enough to pick an exploit for a known weakness in a specific DSM or package version, or to aim credential attacks at the login and file-access APIs directly instead of probing blindly. In environments with weak security policies, such reconnaissance is often the first step toward unauthorized access or full compromise of the NAS. Because the endpoint is needed by the DSM web client itself, the fix is not to disable it but to restrict who can reach the management interface: do not expose the DSM web ports (5000 for HTTP and 5001 for HTTPS by default) to the Internet, reach the interface over a VPN, limit source addresses with DSM's built-in firewall or a reverse proxy, and keep DSM and its packages updated so that a disclosed version is not an exploitable one.