CVE-2024-50629
Published Mar 19, 2025
Last updated 4 months ago
- Description
- Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors.
- Source
- security@synology.com
- NVD status
- Analyzed
- Products
- beestation_os, diskstation_manager
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- security@synology.com
- CWE-116
- Hype score
- Not currently trending
Exploiting the Synology BeeStation (BST150-4T), CRLF injection, auth bypass, and SQLite injection to RCE (CVE-2024-50629~50631) https://t.co/5XndShYxFx Credits @kiddo_pwn @infosec https://t.co/Z415KhbcLy
@0xor0ne
6 Mar 2026
6483 Impressions
33 Retweets
140 Likes
69 Bookmarks
1 Reply
0 Quotes
Writing Sync, Popping Cron: DEVCORE's Synology BeeStation RCE & A Novel SQLite Injection RCE Technique (CVE-2024-50629~50631) https://t.co/54RfKS7n5a: #exploitation #exploit #rce #cve #informationsecurity #cybersecurity #webapp #websec https://t.co/cvya1wMNTK
@blackstormsecbr
4 Jan 2026
155 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Writing Sync, Popping Cron: DEVCORE's Synology BeeStation RCE & A Novel SQLite Injection RCE Technique (CVE-2024-50629~50631) - @kiddo_pwn https://t.co/wBH6HtUleN
@pentest_swissky
4 Jan 2026
2686 Impressions
5 Retweets
17 Likes
8 Bookmarks
1 Reply
0 Quotes
Writing Sync, Popping Cron: DEVCORE's Synology BeeStation RCE & A Novel SQLite Injection RCE Technique (CVE-2024-50629~50631) by @kiddo_pwn https://t.co/1XqUpoVGpx https://t.co/f3SPMmWyKB
@alexjplaskett
15 Dec 2025
5217 Impressions
15 Retweets
70 Likes
41 Bookmarks
0 Replies
0 Quotes
GitHub - kiddo-pwn/CVE-2024-50629_50631: N-day Exploit for Synology BeeStation RCE by DEVCORE (Pwn2Own 2024) https://t.co/KvarmJeLgR
@akaclandestine
2 Dec 2025
1795 Impressions
6 Retweets
27 Likes
10 Bookmarks
0 Replies
0 Quotes
My very first blog post is live: https://t.co/Ud0Iffh4Gg During research, I've run into and documented a simple universal SQLite Injection RCE trick. Enjoy! N-day Analysis about Synology Beestation RCE (CVE-2024-50629~50631) by legendary DEVCORE 🎃 🍊 Thanks to @u1f383 htt
@kiddo_pwn
1 Dec 2025
15196 Impressions
71 Retweets
270 Likes
114 Bookmarks
10 Replies
0 Quotes
CVE-2024-50629 Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM… https://t.co/WEhr8uesh8
@CVEnew
19 Mar 2025
477 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F498216A-5ABD-4DCB-A149-F4D41D9022E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0:65145:*:*:*:*:*:*",
"matchCriteriaId": "1006E9A9-86FB-4580-8278-8865B1646A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0:65149:*:*:*:*:*:*",
"matchCriteriaId": "254081F3-13E2-40ED-A543-11DA03CEA508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0:65162:*:*:*:*:*:*",
"matchCriteriaId": "41B53AE7-424C-49F5-8F99-3FDA8FCC6D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0.1:65210:*:*:*:*:*:*",
"matchCriteriaId": "DF7FFADA-CEB5-4869-9B38-8C58CE4FE673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0.2:65233:*:*:*:*:*:*",
"matchCriteriaId": "312D9B7F-DFE1-403E-B78B-5F79423F4E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.0.2:65235:*:*:*:*:*:*",
"matchCriteriaId": "12C2383E-4C52-4A8B-8540-597E307C80BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "E6960C0C-01BF-437C-931A-6375ED673513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:beestation_os:1.1:65373:*:*:*:*:*:*",
"matchCriteriaId": "327C73CB-CE4C-4909-95E4-0423E47B175D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC81EC7F-CE73-416B-BEE9-CDEAE535B548",
"versionEndExcluding": "7.1.1-42962-7",
"versionStartIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7DC498-96F4-4BD4-BC5F-A6F44D4240AB",
"versionEndExcluding": "7.2-64570-4",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "265810D3-F94D-4023-B53C-F82E32B9A451",
"versionEndExcluding": "7.2.1-69057-6",
"versionStartIncluding": "7.2.1-69057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1205204-6FAC-4211-9AAA-1998A106AF9F",
"versionEndExcluding": "7.2.2-72806-1",
"versionStartIncluding": "7.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]