AI description
CVE-2024-10442 is an off-by-one error vulnerability found in the transmission component of Synology Replication Service and Synology Unified Controller (DSMUC). This vulnerability affects Synology Replication Service versions before 1.0.12-0066, 1.2.2-0353, and 1.3.0-0423, as well as Synology Unified Controller (DSMUC) versions before 3.1.4-23079. The flaw allows unauthenticated remote attackers to potentially execute arbitrary code on affected systems. This is due to improper bounds checking, which could permit an attacker to write data beyond the allocated buffer by sending a specially crafted input.
- Description: Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
- Source: security@synology.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- security@synology.com: CWE-193
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 21
New blogpost! Want to see how we exploited @Synology network-attached-storage devices at Pwn2Own Ireland? RCE to root via out-of-bounds NULL-byte writes, click the embed for a fun little writeup of CVE-2024-10442 🔎🎉 https://t.co/VOhC5NSCat
@ret2systems
23 Apr 2025
8237 Impressions
44 Retweets
200 Likes
72 Bookmarks
0 Replies
0 Quotes
Synology Replication Service vulnerability CVE-2024-10442 fixed: arbitrary command execution https://t.co/xOPd8e0yqr via @iototsecnews
@Syynya
31 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Synology Replication Service vulnerability CVE-2024-10442 fixed: arbitrary command execution https://t.co/eNvVP7QVwB Synology Replication Service, making its first appearance on this blog
@iototsecnews
31 Mar 2025
14 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ A critical vulnerability (CVE-2024-10442) in Synology's Replication Service allows remote command execution. Affected versions include DSMUC 3.1 and DSM 6.2, 7. CVSS 10.0 severity. #Synology #CyberRisk #USA link: https://t.co/3v3CyGHVAz https://t.co/tkmuwJw505
@TweetThreatNews
22 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
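Synology has disclosed CVE-2024-10442, a critical vulnerability in Replication Service. It is an issue in which an off-by-one error allows arbitrary command execution from a remote location. With a CVSS score of 10.0 it is extremely severe, and DSMUC 3.1 and the various versions of Replication Service for DSM are affected. https://t.co/jIQrCj1cLG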
@yousukezan
21 Mar 2025
1108 Impressions
7 Retweets
16 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2024-10442 03/19/2025 03:15:11 AM BaseSeverity: CRITICAL Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Sy... https://t.co/5T8ZX7gJqt
@CVETracker
19 Mar 2025
27 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10442 Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Contro… https://t.co/zl4J21ZZ0K
@CVEnew
19 Mar 2025
453 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-10442: CRITICAL] Critical vulnerability found in Synology Replication Service and Synology Unified Controller (DSMUC) allows remote attackers to execute arbitrary code, posing a serious cyber threat. #cybersecurity, #vulnerability https://t.co/Ckpob1iDPf https://t.co/hESu
@CveFindCom
19 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes