- Description
- Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
- Source
- security@synology.com
- NVD status
- Analyzed
- Products
- unified_controller, replication_service, replication_service
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security@synology.com
- CWE-193
- Hype score
- Not currently trending
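Achieving remote code execution with root privileges on the Synology DS1823xs+ NAS. In October 2024, we took part in Pwn2Own Ireland 2024 and successfully exploited the Synology DiskStation DS1823xs+ to achieve remote code execution with root privileges. The vulnerability has been fixed and is tracked as CVE-2024-10442. telegram technology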
@hacker_336T
9 Jul 2025
1723 Impressions
0 Retweets
22 Likes
0 Bookmarks
0 Replies
0 Quotes
Synology DiskStation vulnerability CVE-2024-10442 (CVSS 10) fixed: Zero-Click RCE and PoC https://t.co/UvJvbxMG1T A zero-click vulnerability with the maximum CVSS score of 10.0 has been found in Synology NAS products. Without user interaction, remote co
@iototsecnews
14 May 2025
166 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10442 (CVSS 10): Zero-Click RCE in Synology DiskStation, PoC Publishes https://t.co/BqL6NnqR1k
@the_yellow_fall
1 May 2025
7606 Impressions
41 Retweets
131 Likes
48 Bookmarks
1 Reply
2 Quotes
New blogpost! Want to see how we exploited @Synology network-attached-storage devices at Pwn2Own Ireland? RCE to root via out-of-bounds NULL-byte writes, click the embed for a fun little writeup of CVE-2024-10442 🔎🎉 https://t.co/VOhC5NSCat
@ret2systems
23 Apr 2025
9361 Impressions
51 Retweets
217 Likes
80 Bookmarks
0 Replies
0 Quotes
Synology Replication Service vulnerability CVE-2024-10442 fixed: arbitrary command execution https://t.co/xOPd8e0yqr via @iototsecnews
@Syynya
31 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Synology Replication Service vulnerability CVE-2024-10442 fixed: arbitrary command execution https://t.co/eNvVP7QVwB Synology Replication Service, appearing on this blog for the first time
@iototsecnews
31 Mar 2025
14 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ A critical vulnerability (CVE-2024-10442) in Synology's Replication Service allows remote command execution. Affected versions include DSMUC 3.1 and DSM 6.2, 7. CVSS 10.0 severity. #Synology #CyberRisk #USA link: https://t.co/3v3CyGHVAz https://t.co/tkmuwJw505
@TweetThreatNews
22 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
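Synology has disclosed CVE-2024-10442, a critical vulnerability in Replication Service. It is an off-by-one error that allows arbitrary commands to be executed remotely. With a CVSS score of 10.0 it is extremely severe, and DSMUC 3.1 and the Replication Service versions for DSM are affected. https://t.co/jIQrCj1cLG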
@yousukezan
21 Mar 2025
1108 Impressions
7 Retweets
16 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2024-10442 03/19/2025 03:15:11 AM BaseSeverity: CRITICAL Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Sy... https://t.co/5T8ZX7gJqt
@CVETracker
19 Mar 2025
27 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10442 Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Contro… https://t.co/zl4J21ZZ0K
@CVEnew
19 Mar 2025
453 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-10442: CRITICAL] Critical vulnerability found in Synology Replication Service and Synology Unified Controller (DSMUC) allows remote attackers to execute arbitrary code, posing a serious cyber threat. #cybersecurity, #vulnerability https://t.co/Ckpob1iDPf https://t.co/hESu
@CveFindCom
19 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:unified_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "819A9BB9-6FAE-4F70-9C08-BCF9F8DE8F8C",
"versionEndExcluding": "3.1.4-23079",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:diskstation_manager_unified_controller:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C199245-E7B1-496C-9977-F422B0F7DB08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:replication_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B038C0B-1F79-4870-BD3F-9496274651D6",
"versionEndExcluding": "1.0.12-0066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685B12-824F-42AD-B87C-6E7A78BB7FA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:replication_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A1281-F888-4140-88E3-993DEA60F6BD",
"versionEndExcluding": "1.2.2-0353",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10C4B055-D99B-4D58-811C-DD323A68A890",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:replication_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43FA757B-41C7-486F-B258-744D34AACB2B",
"versionEndExcluding": "1.3.0-0423",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C262042-304B-49DC-BB4B-655C5C36D88C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]