Summary
We would like to inform our partners and customers about an important change in how Synology DSM vulnerabilities are detected in WithSecure™ Elements Exposure Management and WithSecure™ Elements Vulnerability Management.
Following recent changes from Synology, their devices no longer report the full DSM version via the unauthenticated network banner. This impacts detection reliability for unauthenticated scans.
Change Details
What changed:
- Synology has stopped exposing full DSM version information in its network banner (previously available without authentication).
- This change caused inaccurate version recognition for versions with a minor release number, and potential false positives in EVM/XM.
Action taken:
- To maintain scan integrity, unauthenticated DSM version-based plugins have been temporarily disabled for undetectable versions.
- This impacts approximately 70% of Synology DSM versions.
- For the remaining 30%, unauthenticated detections continue to operate normally.
Upcoming Improvement: SSH Authenticated Scanning for DSM
We are actively working on an enhancement to extend SSH authenticated scanning to fully support Synology DSM. This will restore precise version and vulnerability detection through secure, authenticated methods.
Estimated delivery:
We anticipate that the improvement will be deployed by the first week of December 2025. We will update this article once the deployment has been made.
What Customers Should Do
Once the new SSH scanning capability becomes available:
- Enable SSH access on Synology DSM devices via the DSM web interface.
- Update your scan configurations to use Authenticated System Scan with SSH credentials/keys.
- Verify permissions and connectivity to ensure full coverage.