CVE-2024-10445

Severity CVSS v4.0:

Pending analysis

Type:

CWE-295 Improper Certificate Validation

Publication date:

19/03/2025

Last modified:

17/11/2025

Description

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.

Impact

Vector 3.x

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS v3.1 Severity and Metrics:

Base Score: 4.30 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): Low
Availability (A): None

Base Score 3.x

4.30

Severity 3.x

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:synology:beestation_os:1.0:-::::::
cpe:2.3:o:synology:beestation_os:1.0:65145::::::
cpe:2.3:o:synology:beestation_os:1.0:65149::::::
cpe:2.3:o:synology:beestation_os:1.0:65162::::::
cpe:2.3:o:synology:beestation_os:1.0.1:65210::::::
cpe:2.3:o:synology:beestation_os:1.0.2:65233::::::
cpe:2.3:o:synology:beestation_os:1.0.2:65235::::::
cpe:2.3:o:synology:beestation_os:1.1:-::::::
cpe:2.3:o:synology:beestation_os:1.1:65373::::::
cpe:2.3:o:synology:diskstation_manager::::::::	6.2 (including)	6.2.4-25556-8 (excluding)
cpe:2.3:o:synology:diskstation_manager::::::::	7.2 (including)	7.2-64570-4 (excluding)
cpe:2.3:o:synology:diskstation_manager::::::::	7.2.1-69057 (including)	7.2.1-69057-6 (excluding)
cpe:2.3:o:synology:diskstation_manager::::::::	7.2.2 (including)	7.2.2-72806-1 (excluding)

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:synology:beestation_os:1.0:-::::::
cpe:2.3:o:synology:beestation_os:1.0:65145::::::
cpe:2.3:o:synology:beestation_os:1.0:65149::::::
cpe:2.3:o:synology:beestation_os:1.0:65162::::::
cpe:2.3:o:synology:beestation_os:1.0.1:65210::::::
cpe:2.3:o:synology:beestation_os:1.0.2:65233::::::
cpe:2.3:o:synology:beestation_os:1.0.2:65235::::::
cpe:2.3:o:synology:beestation_os:1.1:-::::::
cpe:2.3:o:synology:beestation_os:1.1:65373::::::
cpe:2.3:o:synology:diskstation_manager::::::::	6.2 (including)	6.2.4-25556-8 (excluding)
cpe:2.3:o:synology:diskstation_manager::::::::	7.2 (including)	7.2-64570-4 (excluding)
cpe:2.3:o:synology:diskstation_manager::::::::	7.2.1-69057 (including)	7.2.1-69057-6 (excluding)
cpe:2.3:o:synology:diskstation_manager::::::::	7.2.2 (including)	7.2.2-72806-1 (excluding)

CVE-2024-10445

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools