Security News > 2024 > November > Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)
2024-11-04 14:04
Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-2024-10443 was discovered by Rick de Jager, a security researcher at Midnight Blue, and has been exploited at the Pwn2Own Ireland 2024 hacking competition ten days ago. The specifics of CVE-2024-10443 are under wraps for the moment, but we know that it may allow unauthenticated attackers to … More → The post Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/11/04/cve-2024-10443/
Related news
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-15 | CVE-2024-10443 | Command Injection vulnerability in Synology Beephotos and Photos Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |