CVE-2024-10445

Medium CVSS: 4.3

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.

Vendor

Synology

Product

Beestation Os

CWE

CWE-295

Yayın Tarihi

2025-03-19 02:15:28

Güncelleme

2025-11-17 13:42:21

Source Identifier

security@synology.com

KEV Date Added

Kategoriler

CWE-295 Beestation Os MEDIUM Synology 2025

Referanslar

https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 https://www.synology.com/en-global/security/advisory/Synology_SA_24_23

Benzer Kayıtlar

Medium

CVE-2026-3091

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read…

Medium

CVE-2025-8074

Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users…

High

CVE-2025-54159

Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attack…

High

CVE-2025-54160

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology Bee…

High

CVE-2025-54158

Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-139…

Medium

CVE-2025-2848

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings,…