AI description
CVE-2024-50629 is an improper encoding or escaping of output vulnerability found in the webapi component of Synology products. The vulnerability affects Synology BeeStation Manager (BSM) before version 1.1-65374, Synology DiskStation Manager (DSM) before versions 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6, and 7.2.2-72806-1, and Synology Unified Controller (DSMUC) before 3.1.4-23079. This vulnerability allows remote attackers to read limited files through unspecified vectors. The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly, which results in the intended structure of the message not being preserved.
- Description
- Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors.
- Source
- security@synology.com
- NVD status
- Analyzed
- Products
- beestation_os, diskstation_manager
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- security@synology.com
- CWE-116
- Hype score
- Not currently trending
Writing Sync, Popping Cron: DEVCORE's Synology BeeStation RCE & A Novel SQLite Injection RCE Technique (CVE-2024-50629~50631) https://t.co/54RfKS7n5a: #exploitation #exploit #rce #cve #informationsecurity #cybersecurity #webapp #websec https://t.co/cvya1wMNTK
@blackstormsecbr
4 Jan 2026
155 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Writing Sync, Popping Cron: DEVCORE's Synology BeeStation RCE & A Novel SQLite Injection RCE Technique (CVE-2024-50629~50631) - @kiddo_pwn https://t.co/wBH6HtUleN
@pentest_swissky
4 Jan 2026
2686 Impressions
5 Retweets
17 Likes
8 Bookmarks
1 Reply
0 Quotes
Writing Sync, Popping Cron: DEVCORE's Synology BeeStation RCE & A Novel SQLite Injection RCE Technique (CVE-2024-50629~50631) by @kiddo_pwn https://t.co/1XqUpoVGpx https://t.co/f3SPMmWyKB
@alexjplaskett
15 Dec 2025
5217 Impressions
15 Retweets
70 Likes
41 Bookmarks
0 Replies
0 Quotes
GitHub - kiddo-pwn/CVE-2024-50629_50631: N-day Exploit for Synology BeeStation RCE by DEVCORE (Pwn2Own 2024) https://t.co/KvarmJeLgR
@akaclandestine
2 Dec 2025
1795 Impressions
6 Retweets
27 Likes
10 Bookmarks
0 Replies
0 Quotes
My very first blog post is live: https://t.co/Ud0Iffh4Gg During research, I've run into and documented a simple universal SQLite Injection RCE trick. Enjoy! N-day Analysis about Synology Beestation RCE (CVE-2024-50629~50631) by legendary DEVCORE 🎃 🍊 Thanks to @u1f383 htt
@kiddo_pwn
1 Dec 2025
15196 Impressions
71 Retweets
270 Likes
114 Bookmarks
10 Replies
0 Quotes
CVE-2024-50629 Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM… https://t.co/WEhr8uesh8
@CVEnew
19 Mar 2025
477 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F498216A-5ABD-4DCB-A149-F4D41D9022E5"
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0:65145:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1006E9A9-86FB-4580-8278-8865B1646A00"
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0:65149:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "254081F3-13E2-40ED-A543-11DA03CEA508"
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0:65162:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41B53AE7-424C-49F5-8F99-3FDA8FCC6D05"
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0.1:65210:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF7FFADA-CEB5-4869-9B38-8C58CE4FE673"
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0.2:65233:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "312D9B7F-DFE1-403E-B78B-5F79423F4E2F"
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0.2:65235:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12C2383E-4C52-4A8B-8540-597E307C80BD"
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6960C0C-01BF-437C-931A-6375ED673513"
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.1:65373:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "327C73CB-CE4C-4909-95E4-0423E47B175D"
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC81EC7F-CE73-416B-BEE9-CDEAE535B548",
"versionEndExcluding": "7.1.1-42962-7",
"versionStartIncluding": "7.1"
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A7DC498-96F4-4BD4-BC5F-A6F44D4240AB",
"versionEndExcluding": "7.2-64570-4",
"versionStartIncluding": "7.2"
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "265810D3-F94D-4023-B53C-F82E32B9A451",
"versionEndExcluding": "7.2.1-69057-6",
"versionStartIncluding": "7.2.1-69057"
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1205204-6FAC-4211-9AAA-1998A106AF9F",
"versionEndExcluding": "7.2.2-72806-1",
"versionStartIncluding": "7.2.2"
}
],
"operator": "OR"
}
]
}
]