Vulnerability Assessments of Synology Devices

Hi everyone!

I’ve been trying to scan a few Synology NASs (DSM 6.2) using Nessus Pro but having issues with escalating privileges and Nessus doesn’t seem to have many plugins for it anyway. Has anyone else had better luck with a different scanner such as Nexpose or Qualys?

Some of these devices are in PCI-DSS scope and I need to send VA reports to our QSA, so I want to make sure that they are as through as possible.

DSM Security Center reports don’t list CVEs so I can’t import that data to our vulnerability management system either.

Any advice would be greatly appreciated! Thank you