Security News > 2024 > November > Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)
2024-11-04 14:04
Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-2024-10443 was discovered by Rick de Jager, a security researcher at Midnight Blue, and has been exploited at the Pwn2Own Ireland 2024 hacking competition ten days ago. The specifics of CVE-2024-10443 are under wraps for the moment, but we know that it may allow unauthenticated attackers to … More → The post Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/11/04/cve-2024-10443/
Related news
- Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) (source)
- Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) (source)
- 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) (source)
- Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) (source)