CVE-2024-10441
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/03/2025
Last modified:
17/11/2025
Description
Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:synology:beestation_os:1.0:-:*:*:*:*:*:* | ||
| cpe:2.3:o:synology:beestation_os:1.0:65145:*:*:*:*:*:* | ||
| cpe:2.3:o:synology:beestation_os:1.0:65149:*:*:*:*:*:* | ||
| cpe:2.3:o:synology:beestation_os:1.0:65162:*:*:*:*:*:* | ||
| cpe:2.3:o:synology:beestation_os:1.0.1:65210:*:*:*:*:*:* | ||
| cpe:2.3:o:synology:beestation_os:1.0.2:65233:*:*:*:*:*:* | ||
| cpe:2.3:o:synology:beestation_os:1.0.2:65235:*:*:*:*:*:* | ||
| cpe:2.3:o:synology:beestation_os:1.1:-:*:*:*:*:*:* | ||
| cpe:2.3:o:synology:beestation_os:1.1:65373:*:*:*:*:*:* | ||
| cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:* | 7.2 (including) | 7.2-64570-4 (excluding) |
| cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:* | 7.2.1-69057 (including) | 7.2.1-69057-6 (excluding) |
| cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:* | 7.2.2 (including) | 7.2.2-72806-1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page