Improper Output Escaping in Synology BeeStation Manager and DiskStation Manager
CVE-2024-10441
What is CVE-2024-10441?
CVE-2024-10441 is a vulnerability in Synology's BeeStation OS (BeeStation Manager, BSM) and DiskStation Manager (DSM), the operating systems that run Synology's BeeStation and DiskStation network-attached storage (NAS) devices for home users and enterprises. It is an improper encoding or escaping of output flaw in the system plugin daemon that allows a remote attacker to execute arbitrary code on an affected device. Because a NAS typically holds an organisation's file shares and backups, a successful exploit can mean full control of the device, theft or destruction of the data stored on it, and a foothold inside the network it is attached to.
Technical Details
The flaw is in the system plugin daemon of Synology's software. Affected releases are BeeStation OS (BSM) before 1.1-65374 and DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1. Each DSM release line has its own fixed build, so a device on DSM 7.2.1, for example, is fixed only at 7.2.1-69057-6 or later, and a device on DSM 7.1.0 or 6.2.3 must move to the fixed 7.1.1 or 6.2.4 build. Synology has not published exploitation details; the CVE record describes the attack vector only as unspecified. A remote attacker who triggers the fault can execute arbitrary code, which would give extensive control over the device. Administrators should compare the installed build number against the list above and apply the update; until that is done, the management interface should not be reachable from the internet.
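The fixed builds above are per release line, and the Synology version string has its own shape (`major.minor[.micro]-build[-update]`), so a plain string comparison gets the answer wrong. The following is an added example, not code from the page or from Synology, that parses a version string in either the advisory's `7.2.1-69057-6` form or the `DSM 7.2.1-69057 Update 6` form shown in DSM's Info Center, and decides whether it falls before the relevant fixed build. The fixed-version table is taken from the advisory text on this page; the rules for versions outside the listed lines (anything older than the oldest listed line is treated as vulnerable, a newer line not mentioned in the advisory returns `None`) and the sample version strings are my assumptions for illustration.

```python
import re
from typing import NamedTuple, Optional


class SynoVersion(NamedTuple):
    """Synology version as a comparable tuple: 7.2.1-69057-6 -> (7, 2, 1, 69057, 6)."""
    major: int
    minor: int
    micro: int      # absent in strings such as "7.2-64570-4" -> 0
    build: int
    smallfix: int   # the "Update N" / "-N" suffix, 0 when absent

    @property
    def line(self):
        """Release line the fixed builds are keyed on (major.minor)."""
        return (self.major, self.minor)


# Accepts "7.2.1-69057-6", "7.2-64570-4", "1.1-65374", "DSM 7.2.1-69057 Update 6".
_VERSION_RE = re.compile(
    r"^\s*(?:DSM|BSM)?\s*(\d+)\.(\d+)(?:\.(\d+))?-(\d+)(?:(?:-|\s+Update\s+)(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(text: str) -> SynoVersion:
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Synology version string: {text!r}")
    major, minor, micro, build, smallfix = m.groups()
    return SynoVersion(int(major), int(minor), int(micro or 0), int(build), int(smallfix or 0))


# Fixed builds exactly as listed in the CVE-2024-10441 advisory text.
FIXED_VERSIONS = {
    "BSM": ["1.1-65374"],
    "DSM": ["6.2.4-25556-8", "7.1.1-42962-7", "7.2-64570-4", "7.2.1-69057-6", "7.2.2-72806-1"],
}


def is_vulnerable(product: str, version_text: str) -> Optional[bool]:
    """True if the installed build is before its line's fixed build, False if at/after it,
    None if the release line is newer than anything the advisory lists (assumption)."""
    installed = parse_version(version_text)
    fixes = sorted(parse_version(v) for v in FIXED_VERSIONS[product])

    same_line = [f for f in fixes if f.line == installed.line]
    if not same_line:
        # Assumption: anything older than the oldest listed line is "before" the fix.
        return True if installed.line < fixes[0].line else None

    # Within a line, the fix that applies is the newest one whose micro version
    # does not exceed the installed micro (7.2.1 is judged against 7.2.1-69057-6,
    # not against the 7.2.2 or 7.2.0 builds).
    applicable = [f for f in same_line if f.micro <= installed.micro]
    if not applicable:
        # e.g. 7.1.0 or 6.2.3: the only fix is a later micro release, so the
        # device must upgrade to it and is vulnerable until it does.
        return True
    return installed < max(applicable)


if __name__ == "__main__":
    # Constructed sample inputs, not real device data.
    samples = [
        ("DSM", "DSM 7.2.1-69057 Update 5"),
        ("DSM", "7.2.1-69057-6"),
        ("DSM", "7.1.0-42661-4"),
        ("DSM", "7.2-64570-4"),
        ("DSM", "6.2.3-25426-3"),
        ("BSM", "1.0-61435"),
        ("BSM", "1.1-65374"),
    ]
    for product, version in samples:
        print(f"{product} {version:<28} vulnerable: {is_vulnerable(product, version)}")
```

The comparison works because `SynoVersion` is a tuple, so `installed < fix` compares major, minor, micro, build and update number in order; the only Synology-specific logic is choosing which fixed build a given installed line is measured against.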
Potential Impact of CVE-2024-10441
- Remote Code Execution: The most significant risk is remote code execution. An attacker who exploits the flaw can run code of their choosing on the NAS and thereby take control of it, with data theft or destruction as the likely follow-on.
- Data Breach Risks: Control of the device means access to everything it stores. A successful attack may expose personal, financial or proprietary information, with the compliance and reputational consequences that follow.
- Operational Disruption: An attacker can disrupt the services the NAS provides, including outages, loss of data availability and the recovery work needed afterwards, all of which affect productivity and customer trust.
Affected Version(s)
BeeStation OS (BSM) 1.0 < 1.1-65374
BeeStation OS (BSM) 1.1 < 1.1-65374
DiskStation Manager (DSM) 6.2 < 6.2.4-25556-8
DiskStation Manager (DSM) 7.1 < 7.1.1-42962-7
DiskStation Manager (DSM) 7.2 < 7.2-64570-4
DiskStation Manager (DSM) 7.2.1 < 7.2.1-69057-6
DiskStation Manager (DSM) 7.2.2 < 7.2.2-72806-1
News Articles

Critical Synology Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A critical vulnerability affecting Synology's DiskStation Manager (DSM) has been disclosed, allowing remote attackers to execute arbitrary code on vulnerable systems.
2 weeks ago
Timeline
- First article discovered by GBHackers News
- Vulnerability published