CVE-2024-10441 — Improper Encoding or Escaping of Output in Synology Beestation OS

CWE-116 — Improper Encoding or Escaping of Output3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.6%

top 31.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Beestation OS Synology Diskstation Manager

Timeline

PublishedMar 19

Description

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5synology/diskstation_manager7.2.2 — 7.2.2-72806-1+3

▶NVDsynology/diskstation_manager7.2 — 7.2-64570-4+2

▶CVEListV5synology/beestation_os1.1 — 1.1-65374+1

▶NVDsynology/beestation_os4 versions+3

🔴Vulnerability Details

GHSA

GHSA-3hx6-3qqx-qhvf: Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation Manager (BSM) before 1↗2025-03-19

▶

CVEList

CVE-2024-10441: Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1↗2025-03-19

▶