CVE-2024-10443

Published Nov 15, 2024

Last updated 2 days ago

Overview

Description
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
Source
security@synology.com
NVD status
Undergoing Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@synology.com
CWE-77

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Actively exploited CVE : CVE-2024-10443

    @transilienceai

    17 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. CVE-2024-10443 Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 a… https://t.co/9XwUDdUJEk

    @CVEnew

    15 Nov 2024

    294 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. أصدرت شركة Synology تصحيحًا لثغرة أمنية خطيرة (CVE-2024-10443) تؤثر على ملايين أجهزة NAS، والتي تسمح بتنفيذ التعليمات البرمجية عن بُعد دون تفاعل المستخدم. اقرأ: https://t.co/HzRadiNojZ

    @CERT_Arabic

    10 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Critical Zero-Click Vulnerability in Synology NAS Devices Needs Urgent Patching https://t.co/YgvdMmCZE4 Overview A recently discovered high-severity vulnerability, tracked as CVE-2024-10443 and dubbed "RISK:STATION," poses a significant threat to Synology NAS users worldwide…

    @f1tym1

    7 Nov 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2024-10443

    @transilienceai

    6 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. 🚨CVE Alert: Critical Synology Remote Code Execution Zero-day Vulnerability 🚨 Vulnerability Details: CVE-2024-10443(Critical) Synology Remote Code Execution Vulnerability Impact A successful exploit allow attackers to gain access to the devices to steal sensitive data.… https:

    @CyberxtronTech

    6 Nov 2024

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) https://t.co/s52LVgk5pO

    @McsCapsuleTech

    6 Nov 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 Synology Urges Patch for Critical Zero-Click RCE Flaw (CVE-2024-10443) Affecting Millions of NAS Devices. The vulnerability CVE-2024-10443 affects Synology's DiskStation and BeeStation network attached storage (NAS) devices. It is classified as a zero-click flaw, meaning no…

    @IntCyberDigest

    5 Nov 2024

    310 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Security Alert: Millions of Synology NAS Devices Exposed to Zero-Click Attacks! Learn more about CVE-2024-10443 and how to protect your data. Read The Full Article Here: https://t.co/8OecZECpKf #CyberSecurity #SynologyAlert #ZeroClickAttack #DataProtection https://t.co/ZxQ7CJYML

    @technijian_

    5 Nov 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. TheHackersNews: Synology has released a patch for a critical zero-day vulnerability (CVE-2024-10443) affecting millions of NAS devices, which allows remote code execution without user interaction. Read: https://t.co/NQtvesMxPL #infosec #cybersecurity #hacking

    @jvquantum

    5 Nov 2024

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Synology has released a patch for a critical zero-day vulnerability (CVE-2024-10443) affecting millions of NAS devices, which allows remote code execution without user interaction. Read: https://t.co/i0EPEMJpvg #infosec #cybersecurity #hacking

    @TheHackersNews

    5 Nov 2024

    42186 Impressions

    56 Retweets

    100 Likes

    26 Bookmarks

    1 Reply

    4 Quotes

  12. Threat Alert: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-1044 CVE-2024-10443 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/IzjNl6VD59 #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    5 Nov 2024

    49 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Millions of #Synology NAS #devices vulnerable to zero-click attacks (#CVE-2024-10443) https://t.co/NGEQyFt50e

    @ScyScan

    4 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. #ITSecurity patch available for CVE-2024-10443 ; Synology Photos and BeePhotos for BeeStation software.

    @seaarepea

    3 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes