Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-10445

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.

Published

2025-03-19T02:15:28.413

Last Modified

2025-11-17T13:42:21.847

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	synology	beestation_os	1.0	Yes
Operating System	synology	beestation_os	1.0	Yes
Operating System	synology	beestation_os	1.0	Yes
Operating System	synology	beestation_os	1.0	Yes
Operating System	synology	beestation_os	1.0.1	Yes
Operating System	synology	beestation_os	1.0.2	Yes
Operating System	synology	beestation_os	1.0.2	Yes
Operating System	synology	beestation_os	1.1	Yes
Operating System	synology	beestation_os	1.1	Yes
Operating System	synology	diskstation_manager	< 6.2.4-25556-8	Yes
Operating System	synology	diskstation_manager	< 7.2-64570-4	Yes
Operating System	synology	diskstation_manager	< 7.2.1-69057-6	Yes
Operating System	synology	diskstation_manager	< 7.2.2-72806-1	Yes

References

https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 Vendor Advisory ([email protected])
https://www.synology.com/en-global/security/advisory/Synology_SA_24_23 Vendor Advisory ([email protected])