Summary: Synology has issued security advisories for a critical vulnerability (CVE-2024-10442) in its Replication Service that allows remote attackers to execute arbitrary commands on affected systems. The vulnerability affects various versions of Synology DSM and carries a CVSS3 Base Score of 10.0, reflecting its critical severity. Users are urged to apply the updates promptly to mitigate potential risks.
Affected: Synology Unified Controller (DSMUC) and Replication Service for various versions of Synology DSM
Key points:
- CVE-2024-10442 is an off-by-one error in the transmission component.
- Impacted products include DSMUC 3.1 and Replication Service for DSM versions 6.2, 7.1, and 7.2.
- Recommended upgrades: DSMUC 3.1 to 3.1.4-23079, and Replication Service to the respective latest release for each DSM version.
- The vulnerability was reported by Jack Dates from RET2 Systems.