CVE-2024-10443

Published Nov 15, 2024

Last updated 8 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-10443 is an OS command injection vulnerability found in the Task Manager component of Synology BeePhotos and Synology Photos applications. This flaw allows remote attackers to execute arbitrary code on affected systems. Notably, it is classified as a "zero-click" vulnerability, meaning that successful exploitation does not require any user interaction or authentication. The vulnerability stems from the improper neutralization of special elements used in OS commands. This allows attackers to inject malicious commands through unspecified vectors, bypassing the intended command context. The affected versions include Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053, and Synology Photos before 1.6.2-0720 and 1.7.0-0795.

Description
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
Source: security@synology.com
NVD status: Modified
Products: photos, beephotos

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security@synology.com: CWE-78
nvd@nist.gov: CWE-77

Social media

Hype score
Not currently trending
  1. 🔸 45[.]137[.]70[.]27:8080 #opendir 🔎 → CVE-2026-24061 (Telnetd Auth Bypass) → CVE-2024-3721 (TBK DVR Command Injection) → CVE-2024-10443 (Synology RCE via Crontab) https://t.co/ybGabCZnj3

    @1ZRR4H

    27 Mar 2026

    6552 Impressions

    20 Retweets

    83 Likes

    60 Bookmarks

    0 Replies

    0 Quotes

  2. Synology has released a patch for a critical zero-day vulnerability (CVE-2024-10443) affecting millions of NAS devices, which allows remote code execution without user interaction. Read: https://t.co/k1e1fOdFpu #infosec https://t.co/adnGo8qI4C

    @johnwalshiii

    13 Jan 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Synology has released a patch for a critical zero-day vulnerability (CVE-2024-10443) affecting millions of NAS devices, which allows remote code execution without user interaction. Read: https://t.co/k1e1fOdFpu #infosec https://t.co/tCQ8bdThqF

    @johnwalshiii

    4 Dec 2024

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2024-10443

    @transilienceai

    24 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2024-10443

    @transilienceai

    20 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Attention Synology Users! A critical zero-click vulnerability (CVE-2024-10443) has been discovered, impacting millions of NAS devices. Known as RISK:STATION, it allows remote code execution without user interaction. https://t.co/BfAYuMcpxq #Synology #Vulnerability #NAS https://t

    @weareaegix

    18 Nov 2024

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Actively exploited CVE : CVE-2024-10443

    @transilienceai

    17 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. CVE-2024-10443 Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 a… https://t.co/9XwUDdUJEk

    @CVEnew

    15 Nov 2024

    294 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Synology has released a patch for a critical security vulnerability (CVE-2024-10443) affecting millions of NAS devices, which allows remote code execution without user interaction. Read: https://t.co/HzRadiNojZ

    @CERT_Arabic

    10 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Critical Zero-Click Vulnerability in Synology NAS Devices Needs Urgent Patching https://t.co/YgvdMmCZE4 Overview A recently discovered high-severity vulnerability, tracked as CVE-2024-10443 and dubbed "RISK:STATION," poses a significant threat to Synology NAS users worldwide…

    @f1tym1

    7 Nov 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Actively exploited CVE : CVE-2024-10443

    @transilienceai

    6 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. 🚨CVE Alert: Critical Synology Remote Code Execution Zero-day Vulnerability 🚨 Vulnerability Details: CVE-2024-10443 (Critical) Synology Remote Code Execution Vulnerability Impact A successful exploit allows attackers to gain access to the devices to steal sensitive data.… https:

    @CyberxtronTech

    6 Nov 2024

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) https://t.co/s52LVgk5pO

    @McsCapsuleTech

    6 Nov 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 Synology Urges Patch for Critical Zero-Click RCE Flaw (CVE-2024-10443) Affecting Millions of NAS Devices. The vulnerability CVE-2024-10443 affects Synology's DiskStation and BeeStation network attached storage (NAS) devices. It is classified as a zero-click flaw, meaning no…

    @IntCyberDigest

    5 Nov 2024

    310 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Security Alert: Millions of Synology NAS Devices Exposed to Zero-Click Attacks! Learn more about CVE-2024-10443 and how to protect your data. Read The Full Article Here: https://t.co/8OecZECpKf #CyberSecurity #SynologyAlert #ZeroClickAttack #DataProtection https://t.co/ZxQ7CJYML

    @technijian_

    5 Nov 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. TheHackersNews: Synology has released a patch for a critical zero-day vulnerability (CVE-2024-10443) affecting millions of NAS devices, which allows remote code execution without user interaction. Read: https://t.co/NQtvesMxPL #infosec #cybersecurity #hacking

    @jvquantum

    5 Nov 2024

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Synology has released a patch for a critical zero-day vulnerability (CVE-2024-10443) affecting millions of NAS devices, which allows remote code execution without user interaction. Read: https://t.co/i0EPEMJpvg #infosec #cybersecurity #hacking

    @TheHackersNews

    5 Nov 2024

    42186 Impressions

    56 Retweets

    100 Likes

    26 Bookmarks

    1 Reply

    4 Quotes

  18. Threat Alert: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-1044 CVE-2024-10443 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/IzjNl6VD59 #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    5 Nov 2024

    49 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Millions of #Synology NAS #devices vulnerable to zero-click attacks (#CVE-2024-10443) https://t.co/NGEQyFt50e

    @ScyScan

    4 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. #ITSecurity patch available for CVE-2024-10443 ; Synology Photos and BeePhotos for BeeStation software.

    @seaarepea

    3 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations