Synology Task Manager Vulnerability Allows Arbitrary Code Execution
CVE-2024-10443
Summary
A command injection vulnerability exists in the Task Manager component of Synology's BeePhotos and Synology Photos applications. It stems from improper neutralization of special elements used in commands, which allows remote attackers to execute arbitrary code through unspecified vectors. Successful exploitation compromises the integrity of the affected products and poses a significant security risk to users. Users of the affected versions should apply the necessary updates to mitigate potential exposure.
Affected Version(s)
BeePhotos *
BeePhotos * < 1.0.2-10026
BeePhotos * < 1.1.0-10053
News Articles
Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
Synology addresses a critical zero-click RCE flaw, CVE-2024-10443, impacting millions of NAS devices. Update now.
Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) - Help Net Security
Synology has released fixes for unauthenticated "zero-click" RCE vulnerability (CVE-2024-10443) in DiskStation and BeeStation NAS devices.
Timeline
Vulnerability published
First article discovered by Help Net Security
Vulnerability Reserved