Critical Remote Code Execution in Synology DiskStation Manager (CVE‑2022‑45188) via Netatalk Library Buffer Overflow
What It Is – A newly disclosed zero‑day (ZDI‑26‑187) reveals an unauthenticated buffer overflow in the Netatalk library of Synology DiskStation Manager (DSM). The flaw (CVE‑2022‑45188) allows an attacker to execute arbitrary code as root on any vulnerable NAS.
Exploitability – The vulnerability is rated CVSS 9.8 (Critical). No authentication or user interaction is required (AV:N/PR:N/UI:N). Proof‑of‑concept code was demonstrated at the Pwn2Own competition, confirming active exploitability.
Affected Products – Synology DiskStation Manager (all DSM versions prior to the March 2026 security update).
TPRM Impact – Compromised NAS devices can expose sensitive corporate data, serve as footholds for lateral movement, and disrupt critical backup or file‑sharing workflows that third‑party vendors rely on.
Recommended Actions –
- Deploy Synology’s March 2026 DSM security update immediately.
- Conduct an inventory of all Synology NAS assets across the supply chain and verify patch status.
- Isolate NAS devices on segmented VLANs and enforce strict firewall rules.
- Enable DSM’s intrusion detection and monitor for abnormal AFP traffic or unexpected process launches.
- Review backup integrity and consider re‑imaging any systems that may have been exposed.
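The following triage script is an added example written for this advisory; it is not Synology tooling or code from the ZDI disclosure. It works the inventory and monitoring actions above: given a constructed asset list it flags NAS units whose DSM version is below a patched baseline, and given constructed firewall log lines it flags AFP sessions (TCP/548, the port Netatalk serves) reaching a NAS from outside an approved segment. The baseline version string, the hostnames, addresses, approved subnet and the log line format are all placeholders or constructed values: replace the baseline with the fixed DSM build named in Synology’s March 2026 advisory and adapt the log parser to your firewall’s export format.

```python
"""Triage helper for a Synology NAS fleet (added example, not vendor code).

1. unpatched_assets(): compares each device's DSM version with a patched baseline.
2. suspicious_afp(): finds AFP (TCP/548) connections to NAS hosts from sources
   outside the approved segment(s).
All inventory entries, addresses and log lines below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass

AFP_PORT = 548  # Apple Filing Protocol, the service provided by Netatalk

# PLACEHOLDER: substitute the fixed DSM build from the vendor's March 2026 advisory.
PATCHED_DSM_VERSION = "7.2.2-99999"


@dataclass
class NasAsset:
    hostname: str
    ip: str
    dsm_version: str


def parse_version(version: str) -> tuple:
    """Turn 'major.minor.patch-build' into a comparable tuple; missing parts become 0."""
    main, _, build = version.partition("-")
    parts = [int(p) for p in main.split(".")]
    parts += [0] * (3 - len(parts))          # pad '7.2' to '7.2.0'
    return tuple(parts) + (int(build or 0),)


def unpatched_assets(assets, baseline=PATCHED_DSM_VERSION):
    """Return every asset whose DSM version is older than the patched baseline."""
    base = parse_version(baseline)
    return [a for a in assets if parse_version(a.dsm_version) < base]


# Segment that is allowed to speak AFP to the NAS tier (constructed for the example).
ALLOWED_AFP_SOURCES = [ipaddress.ip_network("10.10.20.0/24")]


def parse_conn_log(lines):
    """Parse constructed log lines of the form
    '<timestamp> src=<ip>:<port> dst=<ip>:<port> proto=<tcp|udp> action=<allow|deny>'."""
    for line in lines:
        tokens = line.split()
        fields = dict(tok.split("=", 1) for tok in tokens[1:])
        src_ip, _src_port = fields["src"].rsplit(":", 1)
        dst_ip, dst_port = fields["dst"].rsplit(":", 1)
        yield {"ts": tokens[0], "src": src_ip, "dst": dst_ip,
               "dport": int(dst_port), "proto": fields["proto"]}


def suspicious_afp(events, nas_ips, allowed=ALLOWED_AFP_SOURCES):
    """AFP connections to a NAS whose source lies outside every approved segment."""
    hits = []
    for ev in events:
        if ev["proto"] != "tcp" or ev["dport"] != AFP_PORT or ev["dst"] not in nas_ips:
            continue
        src = ipaddress.ip_address(ev["src"])
        if not any(src in net for net in allowed):
            hits.append(ev)
    return hits


# Constructed inventory: one device already on the placeholder baseline, two behind it.
INVENTORY = [
    NasAsset("nas-fin-01", "10.10.30.5", "7.2.1-69057"),
    NasAsset("nas-hr-02", "10.10.30.6", "7.2.2-99999"),
    NasAsset("nas-lab-03", "10.10.30.7", "7.1.1-42962"),
]

# Constructed firewall log: one approved AFP session, one from the internet,
# one non-AFP session, one AFP session from an internal but unapproved segment.
LOG_LINES = [
    "2026-03-12T08:01:02Z src=10.10.20.15:51234 dst=10.10.30.5:548 proto=tcp action=allow",
    "2026-03-12T08:02:10Z src=192.0.2.77:40122 dst=10.10.30.5:548 proto=tcp action=allow",
    "2026-03-12T08:03:33Z src=10.10.40.9:44000 dst=10.10.30.5:5000 proto=tcp action=allow",
    "2026-03-12T08:04:01Z src=10.10.40.9:44001 dst=10.10.30.6:548 proto=tcp action=allow",
]


def triage(assets=INVENTORY, log_lines=LOG_LINES):
    """Run both checks and return the findings as plain data for reporting."""
    nas_ips = {a.ip for a in assets}
    return {
        "unpatched": [a.hostname for a in unpatched_assets(assets)],
        "afp_from_unapproved": [(e["ts"], e["src"], e["dst"])
                                for e in suspicious_afp(parse_conn_log(log_lines), nas_ips)],
    }


if __name__ == "__main__":
    for key, items in triage().items():
        print(f"{key}:")
        for item in items:
            print("  ", item)
```

The version comparison deliberately treats the DSM build number as the least significant component, so a device on the same major.minor.patch but an older build is still reported as unpatched. An AFP session from an unapproved segment is only a lead, not proof of compromise; pair a hit with process-launch telemetry from the NAS before deciding whether the re-imaging action above applies.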