Synology RT6600ax SYNO.Core Uncontrolled Resource Consumption Denial-of-Service Vulnerability
Vulnerability Details
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability.
The specific flaw exists within the SYNO.Core file. The issue results from uncontrolled resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the device.
Additional Details
Synology has issued an update to correct this vulnerability. More details can be found at:
https://www.synology.com/en-global/security/advisory/Synology_SA_23_10
Disclosure Timeline
- 2022-12-02 - Vulnerability reported to vendor
- 2023-09-07 - Coordinated public release of advisory
Credit
Discovered by: Claroty Research - Vera Mens, Noam Moshe, Uri Katz, Sharon Brizinov
