CVE-2024-10441

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.synology.com/en-global/security/advisory/Synology_SA_24_20	Vendor Advisory
https://www.synology.com/en-global/security/advisory/Synology_SA_24_23	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:synology:beestation_os:1.0:-::::::
	cpe:2.3:o:synology:beestation_os:1.0:65145::::::
	cpe:2.3:o:synology:beestation_os:1.0:65149::::::
	cpe:2.3:o:synology:beestation_os:1.0:65162::::::
	cpe:2.3:o:synology:beestation_os:1.0.1:65210::::::
	cpe:2.3:o:synology:beestation_os:1.0.2:65233::::::
	cpe:2.3:o:synology:beestation_os:1.0.2:65235::::::
	cpe:2.3:o:synology:beestation_os:1.1:-::::::
	cpe:2.3:o:synology:beestation_os:1.1:65373::::::
	cpe:2.3:o:synology:diskstation_manager::::::::
	cpe:2.3:o:synology:diskstation_manager::::::::
	cpe:2.3:o:synology:diskstation_manager::::::::

History

17 Nov 2025, 13:43

Type	Values Removed	Values Added
References	~~() https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 -~~	() https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 - Vendor Advisory
References	~~() https://www.synology.com/en-global/security/advisory/Synology_SA_24_23 -~~	() https://www.synology.com/en-global/security/advisory/Synology_SA_24_23 - Vendor Advisory
First Time		Synology Synology beestation Os Synology diskstation Manager
CPE		cpe:2.3:o:synology:beestation_os:1.0.2:65235:::::: cpe:2.3:o:synology:diskstation_manager:::::::: cpe:2.3:o:synology:beestation_os:1.1:65373:::::: cpe:2.3:o:synology:beestation_os:1.1:-:::::: cpe:2.3:o:synology:beestation_os:1.0:65162:::::: cpe:2.3:o:synology:beestation_os:1.0:65149:::::: cpe:2.3:o:synology:beestation_os:1.0.1:65210:::::: cpe:2.3:o:synology:beestation_os:1.0:-:::::: cpe:2.3:o:synology:beestation_os:1.0.2:65233:::::: cpe:2.3:o:synology:beestation_os:1.0:65145::::::

27 Mar 2025, 09:15

Type	Values Removed	Values Added
Summary	(en) Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation Manager (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to execute arbitrary code via unspecified vectors.	(en) Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.

20 Mar 2025, 04:15

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de codificación o escape incorrecto de la salida en system plugin daemon en Synology BeeStation Manager (BSM) anterior a 1.1-65374, Synology DiskStation Manager (DSM) anterior a 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 y 7.2.2-72806-1 y Synology Unified Controller (DSMUC) anterior a 3.1.4-23079 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados.
Summary	(en) Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.	(en) Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation Manager (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to execute arbitrary code via unspecified vectors.

19 Mar 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-19 02:15

Updated : 2025-11-17 13:43

NVD link : CVE-2024-10441

Mitre link : CVE-2024-10441

CVE.ORG link : CVE-2024-10441

JSON object : View

Products Affected

synology

diskstation_manager
beestation_os

CWE

CWE-116

Improper Encoding or Escaping of Output

9.8 /10