fkie_cve-2024-10441
Vulnerability from fkie_nvd
Published: 2025-03-19 02:15
Modified: 2025-11-17 13:43
Summary
Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:synology:beestation_os:1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F498216A-5ABD-4DCB-A149-F4D41D9022E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:beestation_os:1.0:65145:*:*:*:*:*:*",
              "matchCriteriaId": "1006E9A9-86FB-4580-8278-8865B1646A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:beestation_os:1.0:65149:*:*:*:*:*:*",
              "matchCriteriaId": "254081F3-13E2-40ED-A543-11DA03CEA508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:beestation_os:1.0:65162:*:*:*:*:*:*",
              "matchCriteriaId": "41B53AE7-424C-49F5-8F99-3FDA8FCC6D05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:beestation_os:1.0.1:65210:*:*:*:*:*:*",
              "matchCriteriaId": "DF7FFADA-CEB5-4869-9B38-8C58CE4FE673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:beestation_os:1.0.2:65233:*:*:*:*:*:*",
              "matchCriteriaId": "312D9B7F-DFE1-403E-B78B-5F79423F4E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:beestation_os:1.0.2:65235:*:*:*:*:*:*",
              "matchCriteriaId": "12C2383E-4C52-4A8B-8540-597E307C80BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:beestation_os:1.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "E6960C0C-01BF-437C-931A-6375ED673513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:beestation_os:1.1:65373:*:*:*:*:*:*",
              "matchCriteriaId": "327C73CB-CE4C-4909-95E4-0423E47B175D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A7DC498-96F4-4BD4-BC5F-A6F44D4240AB",
              "versionEndExcluding": "7.2-64570-4",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "265810D3-F94D-4023-B53C-F82E32B9A451",
              "versionEndExcluding": "7.2.1-69057-6",
              "versionStartIncluding": "7.2.1-69057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1205204-6FAC-4211-9AAA-1998A106AF9F",
              "versionEndExcluding": "7.2.2-72806-1",
              "versionStartIncluding": "7.2.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de codificaci\u00f3n o escape incorrecto de la salida en system plugin daemon en Synology BeeStation Manager (BSM) anterior a 1.1-65374, Synology DiskStation Manager (DSM) anterior a 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 y 7.2.2-72806-1 y Synology Unified Controller (DSMUC) anterior a 3.1.4-23079 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2024-10441",
  "lastModified": "2025-11-17T13:43:41.140",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security@synology.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-19T02:15:27.120",
  "references": [
    {
      "source": "security@synology.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_20"
    },
    {
      "source": "security@synology.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_23"
    }
  ],
  "sourceIdentifier": "security@synology.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-116"
        }
      ],
      "source": "security@synology.com",
      "type": "Secondary"
    }
  ]
}

