{"vulnerability": "CVE-2024-1044", "sightings": [{"uuid": "0fa8e481-8828-49e9-922d-761e9dfc1039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10443", "type": "seen", "source": "https://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html", "content": "", "creation_timestamp": "2024-11-05T09:34:00.000000Z"}, {"uuid": "21f4f8fa-95f9-4039-902a-386682db70a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10443", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113486484552451899", "content": "", "creation_timestamp": "2024-11-15T10:25:29.808961Z"}, {"uuid": "797bac39-db74-44df-9001-bc9738ec0344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkrbxqgtbx27", "content": "", "creation_timestamp": "2025-03-19T23:00:06.109090Z"}, {"uuid": "0947a65f-8cef-4daa-adde-0ce041e6760e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10442", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkrbxqmrgd23", "content": "", "creation_timestamp": "2025-03-19T23:00:06.575574Z"}, {"uuid": "7dfa68cb-2b57-443d-954b-4aa4c3836c5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lkpwvqdcm22j", "content": "", "creation_timestamp": "2025-03-19T10:09:28.810997Z"}, {"uuid": "d90cde5c-8fff-4834-baeb-48f08ae59169", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkpzqcmtv32r", "content": "", "creation_timestamp": "2025-03-19T11:00:09.632626Z"}, {"uuid": "2c6c4e19-7169-4ee5-94b9-f49c3fcde878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10444", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3ll3mypef772r", "content": "", "creation_timestamp": "2025-03-24T01:44:06.925029Z"}, {"uuid": "efda9016-68f7-4908-95c3-18e98fd0dfe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10442", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkpzqcu3ot2j", "content": "", "creation_timestamp": "2025-03-19T11:00:10.311902Z"}, {"uuid": "d997e788-db4f-4ade-a78a-3ecf2d0f4af1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkqg253p6z2p", "content": "", "creation_timestamp": "2025-03-19T14:40:21.416341Z"}, {"uuid": "e2b2b7da-47e6-4a78-9a9f-7e461bd026d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10442", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114189084185897855", "content": "", "creation_timestamp": "2025-03-19T12:25:49.500289Z"}, {"uuid": "83322f24-bfaa-4a00-acf2-3cdf28e7ed42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114189084185897855", "content": "", "creation_timestamp": "2025-03-19T12:25:49.579657Z"}, {"uuid": "44fe3856-3bf0-4ca2-9e41-6cc08a5228bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114187049168233575", "content": "", "creation_timestamp": "2025-03-19T03:48:17.735919Z"}, {"uuid": "2107bf67-9a96-4296-bd8b-318be94e4551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10443", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkuzkroc7n2m", "content": "", "creation_timestamp": "2025-03-21T10:40:19.941504Z"}, {"uuid": "53c79460-cd2f-4a4d-879e-1a0e4040667f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lksixxolnl2m", "content": "", "creation_timestamp": "2025-03-20T10:38:09.517101Z"}, {"uuid": "532fcad6-0481-41db-be11-ffd5ce55021c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10442", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lkuzo2rh4s2q", "content": "", "creation_timestamp": "2025-03-21T10:42:12.622231Z"}, {"uuid": "6ee06e23-4850-497a-aec2-ee6fdd221344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10442", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114187049201142094", "content": "", "creation_timestamp": "2025-03-19T03:48:18.167878Z"}, {"uuid": "90a0aab5-9cfb-4794-9463-c06834b89410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10442", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkphjbwfh224", "content": "", "creation_timestamp": "2025-03-19T05:34:06.634773Z"}, {"uuid": "c261edf2-36c4-46ea-82e1-7cbf636cae10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lkpeyv35jk2u", "content": "", "creation_timestamp": "2025-03-19T04:49:09.021164Z"}, {"uuid": "21a33def-bed3-4ccb-b130-b660e1b6fe13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkphjeey3s24", "content": "", "creation_timestamp": "2025-03-19T05:34:07.640797Z"}, {"uuid": "a7a1cc2c-c616-4fad-874f-016c53c6a8d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10442", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkpb5vs7xk2g", "content": "", "creation_timestamp": "2025-03-19T03:40:19.784500Z"}, {"uuid": "0d94714b-f23c-4df0-8d11-9a9386b6c536", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10444", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-215/", "content": "", "creation_timestamp": "2025-04-09T03:00:00.000000Z"}, {"uuid": "8c9f64c9-223d-48fb-a8ea-d0d1d8e3ea87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10445", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-210/", "content": "", "creation_timestamp": "2025-04-09T03:00:00.000000Z"}, {"uuid": "9a41a828-dce2-46e1-9a18-d5ae0e287e7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10445", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-209/", "content": "", "creation_timestamp": "2025-04-09T03:00:00.000000Z"}, {"uuid": "d21ffba4-2d6d-4e35-a695-169198673a70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10442", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-208/", "content": "", "creation_timestamp": "2025-04-09T03:00:00.000000Z"}, {"uuid": "27e944b7-ab61-47e9-b2bc-5644dca3a1bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10443", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-207/", "content": "", "creation_timestamp": "2025-04-09T03:00:00.000000Z"}, {"uuid": "cab07b23-ebb3-4d3d-97a1-d92a2c8cac1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-214/", "content": "", "creation_timestamp": "2025-04-09T03:00:00.000000Z"}, {"uuid": "eba13f44-84a5-4c57-9b15-00a7b541fc30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmuxxz4ls72e", "content": "", "creation_timestamp": "2025-04-15T21:02:21.811775Z"}, {"uuid": "30cbf0ce-087b-4c3f-b2a6-e5c575cc8a19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10448", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-08T21:59:30.000000Z"}, {"uuid": "efd09d9b-2225-4ab8-a3db-67e02e3be177", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10445", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-269/", "content": "", "creation_timestamp": "2025-05-01T03:00:00.000000Z"}, {"uuid": "0bafd9e0-be33-446f-9ca0-546128f35a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10442", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lo3f6lnfej22", "content": "", "creation_timestamp": "2025-05-01T03:39:49.279364Z"}, {"uuid": "4806fa47-c286-4a29-8a84-a3874c3ddc61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10446", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-08T21:59:31.000000Z"}, {"uuid": "e0d1aee6-e75c-413b-8f68-a57f9fcf5203", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10444", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8013", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10444\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors.\n\ud83d\udccf Published: 2025-03-19T02:07:02.228Z\n\ud83d\udccf Modified: 2025-03-19T02:07:26.900Z\n\ud83d\udd17 References:\n1. https://www.synology.com/en-global/security/advisory/Synology_SA_25_01", "creation_timestamp": "2025-03-19T02:49:24.000000Z"}, {"uuid": "c3f8b7e2-604c-4c53-9b9e-ec890dab3012", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:27.000000Z"}, {"uuid": "e70d8a5a-0a94-4d63-8be1-037eb9d01061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10445", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:28.000000Z"}, {"uuid": "d2bfa7dc-0e42-4d02-8ac1-46691d36fdf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10446", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-01T18:11:57.000000Z"}, {"uuid": "c0e7cc4d-e648-43e2-bec7-2d9f3a6ae207", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10448", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-01T18:11:57.000000Z"}, {"uuid": "4c3a66e7-0e3e-4d08-8ccd-1eecc376e4c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "ea8fd866-7d2d-436c-a596-b0ebd9d02c7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10445", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "56adbcf0-48d8-4a5e-adb2-108ee14f33cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10445", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9036", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10445\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.\n\ud83d\udccf Published: 2025-03-19T02:10:57.215Z\n\ud83d\udccf Modified: 2025-03-27T09:05:57.248Z\n\ud83d\udd17 References:\n1. https://www.synology.com/en-global/security/advisory/Synology_SA_24_20\n2. https://www.synology.com/en-global/security/advisory/Synology_SA_24_23", "creation_timestamp": "2025-03-27T09:26:58.000000Z"}, {"uuid": "4d81574c-f289-48e9-b6ac-1df4ee354ab7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10445", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8011", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10445\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Improper certificate validation vulnerability in the update functionality in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to write limited files via unspecified vectors.\n\ud83d\udccf Published: 2025-03-19T02:10:57.215Z\n\ud83d\udccf Modified: 2025-03-19T02:10:57.215Z\n\ud83d\udd17 References:\n1. https://www.synology.com/en-global/security/advisory/Synology_SA_24_20\n2. https://www.synology.com/en-global/security/advisory/Synology_SA_24_23", "creation_timestamp": "2025-03-19T02:49:22.000000Z"}, {"uuid": "03fcac46-9b38-4659-af9d-232772e2d6a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10442", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8010", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10442\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.\n\ud83d\udccf Published: 2025-03-19T02:14:03.691Z\n\ud83d\udccf Modified: 2025-03-19T02:14:03.691Z\n\ud83d\udd17 References:\n1. https://www.synology.com/en-global/security/advisory/Synology_SA_24_22", "creation_timestamp": "2025-03-19T02:49:21.000000Z"}, {"uuid": "1cf80cf0-9295-4cdd-ae85-c863e5f50578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10443", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8328", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10443\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.\n\ud83d\udccf Published: 2024-11-15T10:23:51.233Z\n\ud83d\udccf Modified: 2025-03-21T09:48:42.127Z\n\ud83d\udd17 References:\n1. https://www.synology.com/en-global/security/advisory/Synology_SA_24_18\n2. https://www.synology.com/en-global/security/advisory/Synology_SA_24_19", "creation_timestamp": "2025-03-21T10:20:23.000000Z"}, {"uuid": "a1db7a2a-55a9-4d34-a3bd-80e307dd92f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8012", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10441\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.\n\ud83d\udccf Published: 2025-03-19T02:09:56.387Z\n\ud83d\udccf Modified: 2025-03-19T02:09:56.387Z\n\ud83d\udd17 References:\n1. https://www.synology.com/en-global/security/advisory/Synology_SA_24_20\n2. https://www.synology.com/en-global/security/advisory/Synology_SA_24_23", "creation_timestamp": "2025-03-19T02:49:23.000000Z"}, {"uuid": "422e7c5e-6910-43fc-a567-10b15a849c47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9038", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10441\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.\n\ud83d\udccf Published: 2025-03-19T02:09:56.387Z\n\ud83d\udccf Modified: 2025-03-27T08:59:58.103Z\n\ud83d\udd17 References:\n1. https://www.synology.com/en-global/security/advisory/Synology_SA_24_20\n2. https://www.synology.com/en-global/security/advisory/Synology_SA_24_23", "creation_timestamp": "2025-03-27T09:27:00.000000Z"}, {"uuid": "817277cd-198a-4911-95aa-e53c51e70d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1044", "type": "seen", "source": "Telegram/x2FNHHziNDCn6x5F5SXCUOUf7pLNID4H5-usTLVHQBtCJ2U8", "content": "", "creation_timestamp": "2025-02-06T02:43:28.000000Z"}, {"uuid": "ed698f08-d0a1-4fde-b2df-5f7b6d141547", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10449", "type": "seen", "source": "https://t.me/cvedetector/9134", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10449 - Codezips Hospital Appointment System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10449 \nPublished : Oct. 28, 2024, 3:15 p.m. | 44\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T17:00:09.000000Z"}, {"uuid": "b4536bcf-a7e4-4370-9eb9-ea906011c65d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10448", "type": "seen", "source": "https://t.me/cvedetector/9126", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10448 - Blood Bank Management System Cross-Site Request Forgery Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10448 \nPublished : Oct. 28, 2024, 2:15 p.m. | 44\u00a0minutes ago \nDescription : A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T16:09:53.000000Z"}, {"uuid": "9636b566-9801-49c0-9c1b-19549122055d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10446", "type": "seen", "source": "https://t.me/cvedetector/9105", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10446 - Project Worlds Online Time Table Generator SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10446 \nPublished : Oct. 28, 2024, 12:15 p.m. | 19\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T13:39:09.000000Z"}, {"uuid": "742cc09e-b144-4221-a0a1-f266fbadf382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10440", "type": "seen", "source": "https://t.me/cvedetector/9089", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10440 - Sunnet eHDR CTMS SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10440 \nPublished : Oct. 28, 2024, 3:15 a.m. | 39\u00a0minutes ago \nDescription : The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T05:17:15.000000Z"}, {"uuid": "76f641d9-e5b2-4069-b904-d1930e092f32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10442", "type": "seen", "source": "https://t.me/cvedetector/20616", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10442 - Synology Replication Service Off-by-One Integer Overflow Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-10442 \nPublished : March 19, 2025, 3:15 a.m. | 1\u00a0hour, 37\u00a0minutes ago \nDescription : Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T06:17:17.000000Z"}, {"uuid": "240c1942-9bd5-4094-8802-30e9c38d53ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://t.me/cvedetector/20614", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10441 - Synology BeeStation Manager/DSM/DSMUC Unauthenticated Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-10441 \nPublished : March 19, 2025, 2:15 a.m. | 34\u00a0minutes ago \nDescription : Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T04:36:56.000000Z"}, {"uuid": "f9dfbb5b-e6b9-4f75-b68e-33d12822bab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10445", "type": "seen", "source": "https://t.me/cvedetector/20613", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10445 - Synology BeeStation Manager, DiskStation Manager, and Unified Controller Certificate Validation Remote File Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10445 \nPublished : March 19, 2025, 2:15 a.m. | 33\u00a0minutes ago \nDescription : Improper certificate validation vulnerability in the update functionality in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to write limited files via unspecified vectors. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T04:36:55.000000Z"}, {"uuid": "8c61e29c-4867-4bda-8ee0-352f102ae4df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10444", "type": "seen", "source": "https://t.me/cvedetector/20612", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10444 - Synology DSM LDAP Certificate Validation Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-10444 \nPublished : March 19, 2025, 2:15 a.m. | 33\u00a0minutes ago \nDescription : Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T04:36:54.000000Z"}, {"uuid": "e6c3bc02-81a0-4e3c-b011-d087fb25760a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10443", "type": "seen", "source": "https://t.me/cvedetector/11060", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10443 - Synology Task Manager Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10443 \nPublished : Nov. 15, 2024, 11:15 a.m. | 36\u00a0minutes ago \nDescription : Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T13:15:35.000000Z"}, {"uuid": "72699ed0-fcdb-491b-bd60-96e1c6741572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10443", "type": "published-proof-of-concept", "source": "Telegram/oFqwiUXLokWcMdQt8nL3gjZLx_0WSVjYX8iHacHNnEEPeQ", "content": "", "creation_timestamp": "2024-11-05T17:02:54.000000Z"}, {"uuid": "47bccfe3-1f15-4645-8970-69940bbd5041", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10443", "type": "published-proof-of-concept", "source": "https://t.me/KomunitiSiber/2816", "content": "Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices\nhttps://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html\n\nTaiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution.\nTracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager.\nRISK:STATION is an \"", "creation_timestamp": "2024-11-05T15:11:45.000000Z"}, {"uuid": "b7672393-cb29-4bf9-bdcd-16d246d08983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1044", "type": "seen", "source": "https://t.me/ctinow/197622", "content": "https://ift.tt/5gA6py8\nCVE-2024-1044 | Customer Reviews for WooCommerce Plugin up to 5.38.12 on WordPress submit_review improper authorization", "creation_timestamp": "2024-03-01T14:11:52.000000Z"}, {"uuid": "134a764e-2079-48ad-88d8-524a8f4dfe3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10443", "type": "seen", "source": "https://t.me/thehackernews/5832", "content": "Synology has released a patch for a critical zero-day vulnerability (CVE-2024-10443) affecting millions of NAS devices, which allows remote code execution without user interaction. \n \nRead: https://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html", "creation_timestamp": "2024-11-05T10:37:25.000000Z"}, {"uuid": "28acbd90-1814-4a19-b113-d2a1d734b122", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10443", "type": "exploited", "source": "https://t.me/Russian_OSINT/4816", "content": "\u2757\ufe0f\u041d\u0430 Pwn2Own \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043d\u043e\u0432\u044b\u0439 zero-day \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \ud83d\udda5 Synology NAS\n\n\u041d\u0430 \u043a\u043e\u043d\u0444\u0435\u0440\u0435\u043d\u0446\u0438\u0438 \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Pwn2Own Ireland 2024 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c-\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a \u0420\u0438\u043a \u0434\u0435 \u042f\u0433\u0435\u0440 \u0438\u0437 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Midnight Blue \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 NAS Synology DiskStation \u0438 BeeStation, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0443\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 root.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u2757\ufe0fzero-click, \u0442\u043e \u0435\u0441\u0442\u044c \u043d\u0435\u0442 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438 \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0434\u043b\u044f \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\ud83e\udda0CVE-2024-10443 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u043e \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 RISK:STATION \u043e\u0442 Midnight Blue. \n\n\u0422\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 (NAS) Synology \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0431\u0440\u0435\u0448\u044c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 DiskStation \u0438 BeePhotos.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Midnight Blue \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f: \u0434\u043b\u044f DiskStation (\u0432\u0435\u0440\u0441\u0438\u044f SynologyPhotos 1.7.0-0795 \u0438 1.6.2-0720) \u0438 \u0434\u043b\u044f BeeStation (BeePhotos \u0432\u0435\u0440\u0441\u0438\u0438 1.1.0-10053 \u0438 1.0.2-10026). \u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b SynologyPhotos / BeePhotos, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u043a\u0440\u044b\u0442\u044c \u043f\u043e\u0440\u0442\u044b 5000 \u0438 5001 + \u0434\u0435\u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c QuickConnect. \u0423\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u043e\u0441\u0442\u0430\u043d\u0435\u0442\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0432\u043d\u0443\u0442\u0440\u0438 LAN, \u0435\u0441\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u043e\u043b\u0443\u0447\u0438\u0442 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u043e\u043c\u0430\u0448\u043d\u0435\u0439 \u0441\u0435\u0442\u0438.\n\nNAS-\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Synology \u0447\u0430\u0441\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u044f\u043c\u044b\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043f\u043e \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0443/QuickConnect \u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043b\u0435\u0433\u043a\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u0438\u0445 \u0447\u0435\u0440\u0435\u0437 Shodan \u0438\u043b\u0438 Censys.\n\n\u2194\ufe0f\u041f\u043e \u043e\u0446\u0435\u043d\u043a\u0430\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Midnight Blue, \u043e\u0442 1 \u0434\u043e 2 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 Synology DiskStation \u0438 BeeStation \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443 c\u0435\u0439\u0447\u0430\u0441 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439.\n\n\ud83d\udc49 @Russian_OSINT", "creation_timestamp": "2024-11-05T16:32:05.000000Z"}, {"uuid": "92e2b24c-0fe2-431a-9d7e-3f709637fb95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10441", "type": "seen", "source": "https://t.me/suboxone_chatroom/7500", "content": "CVE-2024-10441: RCE in Synology products, 9.8 rating \ud83d\udd25\n\nSynology DSM and BSM are vulnerable to Improper Encoding or Escaping of Output, which could potentially lead to remote execution of arbitrary code.\n\nSearch at Netlas.io:\n\ud83d\udc49 Link: https://nt.ls/KOa1N\n\ud83d\udc49 Dork: http.favicon.hash_sha256:b8f4bb2e2ba81cb86875fb89db4571278d6e23fd888313d0f4152b1adbc8bd08\n\nVendor's advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_24_20\n\n\nhttps://t.me/SuBoXoneSoCiety", "creation_timestamp": "2025-04-01T13:17:58.000000Z"}]}