CVE-2024-10441
CRITICALDescription
Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.
Is your site exposed to CVE-2024-10441?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| synology | beestation_os |
| synology | beestation_os |
| synology | beestation_os |
| synology | beestation_os |
| synology | beestation_os |
| synology | beestation_os |
| synology | beestation_os |
| synology | beestation_os |
| synology | beestation_os |
| synology | diskstation_manager |
| synology | diskstation_manager |
| synology | diskstation_manager |
References
Frequently Asked Questions
What is CVE-2024-10441? +
How severe is CVE-2024-10441? +
What products are affected by CVE-2024-10441? +
How do I check if I'm vulnerable to CVE-2024-10441? +
Related Vulnerabilities
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions …
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of …
A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires …
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - …
Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. …