cbcvebase.
CVE-2022-43931
published 2023-01-03

CVE-2022-43931: Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to…

PriorityP275critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
16.84%
96.7th percentile
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.

Affected

4 ranges
VendorProductVersion rangeFixed in
synologyvpn_plus_server< 1.4.3-05341.4.3-0534
synologyvpn_plus_server< 1.4.4-06351.4.4-0635
synologyvpn_plus_server>= * < 1.4.4-06351.4.4-0635
synologyvpn_plus_server>= * < 1.4.3-05341.4.3-0534

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2022-43931 is an out-of-bounds write vulnerability in the Remote Desktop Functionality of Synology VPN Plus Server; target versions before 1.4.3-0534 and 1.4.4-0635 are exploitable for remote code execution via unspecified vectors
  • Synology VPN Plus Server deployments running versions prior to 1.4.3-0534 or 1.4.4-0635 should be treated as unpatched and prioritized for detection/patching; exploitation allows full system takeover
  • ·The attack vector is described only as 'unspecified vectors' — no specific exploit path, payload, or network indicator has been publicly disclosed in these sources, limiting concrete IOC extraction
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.