First published: Fri Nov 15 2024
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
Synology Photos Diskstation Manager | <1.6.2-0720 | |
Synology Photos Diskstation Manager | =7.2 | |
All of | | |
Synology Beestation OS | <1.1.0-10053 | |
Synology Beestation OS | =1.1 | |
All of | | |
Synology Beestation OS | <1.0.2-10026 | |
Synology Beestation OS | =1.0 | |
All of | | |
Synology Photos Diskstation Manager | <1.7.0-0795 | |
Synology Photos Diskstation Manager | =7.2.2 | |
CVE-2024-10443 is considered critical due to its potential for remote code execution.
To fix CVE-2024-10443, update Synology BeePhotos to version 1.0.2-10026 or 1.1.0-10053 (or later) and Synology Photos to version 1.6.2-0720 or 1.7.0-0795 (or later), matching the release line listed in the table above.
CVE-2024-10443 affects Synology BeePhotos and Synology Photos versions prior to the fixed releases listed above.
Yes, CVE-2024-10443 can be exploited remotely, allowing attackers to execute arbitrary code.
CVE-2024-10443 is classified as a command injection vulnerability.