Synology Task Manager Vulnerability Allows Arbitrary Code Execution
Key Information
- Vendor: Synology
- Status
- BeePhotos
- Synology Photos
- CVE Published: 15 November 2024
Summary
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
Affected Version(s)
BeePhotos <= *
BeePhotos < 1.0.2-10026
BeePhotos < 1.1.0-10053
News Articles
Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to
2 weeks ago
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
Synology addresses a critical zero-click RCE flaw, CVE-2024-10443, impacting millions of NAS devices. Update now.
3 weeks ago
Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) - Help Net Security
Synology has released fixes for unauthenticated "zero-click" RCE vulnerability (CVE-2024-10443) in DiskStation and BeeStation NAS devices.
3 weeks ago
Timeline
Vulnerability published.
First article discovered by Help Net Security
Vulnerability Reserved.