Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
2024-11-05 09:34
Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISK:STATION is an "
News URL
https://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-15 | CVE-2024-10443 | Command Injection vulnerability in Synology BeePhotos and Photos. Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |