Summary: Synology has announced critical security updates for several of its products including Synology BeeStation Manager, DiskStation Manager, and Unified Controller, addressing a significant vulnerability that allows remote code execution. The flaw, tracked as CVE-2024-10441, carries a CVSS score of 9.8, highlighting its severity. Users are urged to update their software promptly to mitigate risks associated with this and other vulnerabilities.
Affected: Synology BeeStation Manager, Synology DiskStation Manager, Synology Unified Controller
Keypoints :
- Critical vulnerability CVE-2024-10441 allows remote code execution with a CVSS3 score of 9.8.
- Moderate vulnerability CVE-2024-10445 due to improper certificate validation has a CVSS3 score of 4.3, allowing limited file writes.
- Users are strongly advised to upgrade to the latest software versions to protect against these vulnerabilities.