Root via Telnet: Why You Must Patch Your Synology NAS Against This Decade-Old Ghost
Do Son 
On January 29, 2026, Synology, a preeminent manufacturer of Network Attached Storage (NAS) solutions, disseminated a series of critical firmware updates for its DiskStation Manager (DSM) operating system. These patches, categorized as essential or critical, will be automatically implemented unless the user has explicitly deactivated the system’s autonomous update functionality.
The vulnerability pertains primarily to the telnetd processβthe service daemon governing Telnetβwithin the terminal functionality of the DSM. Designated as CVE-2026-24061, the flaw has been assigned a severity rating of “Critical” or “High-Risk” by the manufacturer. While Synology has refrained from disclosing the granular technicalities of the exploit, it strongly encourages all users to transition to the most recent software iteration immediately, particularly those who find the utilization of Telnet services indispensable.
The affected software lineages and their requisite remedial versions are as follows:
- Synology DSM 7.3 Series: Versions antecedent to 7.3.2-86009.
- Synology DSM 7.2.2 Series: Mandatory migration to 7.2.2-72806-5 or higher.
- Synology DSM 7.3.1 Series: Mandatory migration to 7.3.1-86003 Update 1 or higher.
Although Synology defaults to a secure posture by disabling terminal servicesβspecifically SSH and Telnetβthe security community maintains that the presence of the vulnerability itself constitutes a degradation of the system’s defensive architecture. Even if Telnet remains inactive, the flaw resides within core system files, representing a latent risk.
Should a malicious actor infiltrate the system through a secondary, low-privilege environment, they could weaponize the telnetd vulnerability to facilitate local privilege escalation. Consequently, fortifying the system through these updates is the only prudent course of action to ensure the comprehensive integrity of the device’s security perimeter.
Related Posts:
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
