Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems.
Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server.
Successful exploitation of the
