CVE-2024-10442

Published Mar 19, 2025

Last updated 4 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-10442 is an off-by-one error vulnerability found in the transmission component of Synology Replication Service and Synology Unified Controller (DSMUC). This vulnerability affects Synology Replication Service versions before 1.0.12-0066, 1.2.2-0353, and 1.3.0-0423, as well as Synology Unified Controller (DSMUC) versions before 3.1.4-23079. The flaw allows unauthenticated remote attackers to potentially execute arbitrary code on affected systems. This is due to improper bounds checking, which could permit an attacker to write data beyond the allocated buffer by sending a specially crafted input.

Description
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
Source
security@synology.com
NVD status
Analyzed
Products
unified_controller, replication_service, replication_service

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@synology.com
CWE-193

Social media

Hype score
Not currently trending
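  1. Remote code execution with root privileges on the Synology DS1823xs+ NAS. In October 2024, we took part in Pwn2Own Ireland 2024 and successfully exploited the Synology DiskStation DS1823xs+ to achieve remote code execution with root privileges. The vulnerability has been fixed and is tracked as CVE-2024-10442. telegram tech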

    @hacker_336T

    9 Jul 2025

    1723 Impressions

    0 Retweets

    22 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Synology DiskStation vulnerability CVE-2024-10442 (CVSS 10) fixed: Zero-Click RCE and PoC https://t.co/UvJvbxMG1T A zero-click vulnerability with the maximum CVSS score of 10.0 has been found in Synology NAS products. Without any user interaction, remotely co

    @iototsecnews

    14 May 2025

    166 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-10442 (CVSS 10): Zero-Click RCE in Synology DiskStation, PoC Publishes https://t.co/BqL6NnqR1k

    @the_yellow_fall

    1 May 2025

    7606 Impressions

    41 Retweets

    131 Likes

    48 Bookmarks

    1 Reply

    2 Quotes

  4. New blogpost! Want to see how we exploited @Synology network-attached-storage devices at Pwn2Own Ireland? RCE to root via out-of-bounds NULL-byte writes, click the embed for a fun little writeup of CVE-2024-10442 🔎🎉 https://t.co/VOhC5NSCat

    @ret2systems

    23 Apr 2025

    9361 Impressions

    51 Retweets

    217 Likes

    80 Bookmarks

    0 Replies

    0 Quotes

  5. Synology Replication Service vulnerability CVE-2024-10442 fixed: arbitrary command execution https://t.co/xOPd8e0yqr via @iototsecnews

    @Syynya

    31 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Synology Replication Service vulnerability CVE-2024-10442 fixed: arbitrary command execution https://t.co/eNvVP7QVwB Synology Replication Service, appearing on this blog for the first time

    @iototsecnews

    31 Mar 2025

    14 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. ⚠️ A critical vulnerability (CVE-2024-10442) in Synology's Replication Service allows remote command execution. Affected versions include DSMUC 3.1 and DSM 6.2, 7. CVSS 10.0 severity. #Synology #CyberRisk #USA link: https://t.co/3v3CyGHVAz https://t.co/tkmuwJw505

    @TweetThreatNews

    22 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

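  8. Synology has disclosed CVE-2024-10442, a critical vulnerability in Replication Service. An off-by-one error makes it possible to execute arbitrary commands remotely. With a CVSS score of 10.0 it is extremely severe, and DSMUC 3.1 and the various versions of Replication Service for DSM are affected. https://t.co/jIQrCj1cLG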

    @yousukezan

    21 Mar 2025

    1108 Impressions

    7 Retweets

    16 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  9. CVE-2024-10442 03/19/2025 03:15:11 AM BaseSeverity: CRITICAL Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Sy... https://t.co/5T8ZX7gJqt

    @CVETracker

    19 Mar 2025

    27 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2024-10442 Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Contro… https://t.co/zl4J21ZZ0K

    @CVEnew

    19 Mar 2025

    453 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. [CVE-2024-10442: CRITICAL] Critical vulnerability found in Synology Replication Service and Synology Unified Controller (DSMUC) allows remote attackers to execute arbitrary code, posing a serious cyber threat.#cybersecurity,#vulnerability https://t.co/Ckpob1iDPf https://t.co/hESu

    @CveFindCom

    19 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes
