Security Alert (A24-11-04): Multiple Vulnerabilities in Synology Products


 

Published on: 06 November 2024

  
  

Description:

Synology has published security advisories to address multiple vulnerabilities in Synology products. The list of patches can be found at:
https://www.synology.com/en-us/security/advisory/Synology_SA_24_18
https://www.synology.com/en-us/security/advisory/Synology_SA_24_19
https://www.synology.com/zh-hk/security/advisory/Synology_SA_24_20
https://www.synology.com/zh-hk/security/advisory/Synology_SA_24_21
https://www.synology.com/zh-hk/security/advisory/Synology_SA_24_22
https://www.synology.com/zh-hk/security/advisory/Synology_SA_24_23

 

Affected Systems:

  • Synology DiskStation Manager (DSM) 7.1 versions, and 7.2 versions prior to 7.2.2-72806-1
  • Synology BeeStation OS versions prior to 1.1-65374
  • Synology BeePhotos versions prior to 1.0.2-10026 for BeeStation OS 1.0, and versions prior to 1.1.0-10053 for BeeStation OS 1.1
  • Synology DiskStation Manager Unified Controller (DSMUC) 3.1 versions
  • Synology Drive Server for DSM 7.1, and versions prior to 3.5.1-26102 for DSM 7.2
  • Synology Photos versions prior to 1.6.2-0720 or 1.7.0-0795 for DSM 7.2
  • Synology Replication Service versions prior to 1.2.2-0353 for DSM 7.1, and versions prior to 1.3.0-0423 for DSM 7.2

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, elevation of privilege, information disclosure or tampering on an affected system.

 

Recommendation:

System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

Patches for some affected systems are not yet available for download and are scheduled to be released within November 2024. Affected users should keep abreast of the Synology website for the availability of patches, and apply the patches when available.

As a security best practice, system administrators and users are also advised to disable the unnecessary Internet access to the administration interface and user portal of Synology devices.

 

More Information:

  • https://www.synology.com/en-us/security/advisory/Synology_SA_24_18
  • https://www.synology.com/en-us/security/advisory/Synology_SA_24_19
  • https://www.synology.com/zh-hk/security/advisory/Synology_SA_24_20
  • https://www.synology.com/zh-hk/security/advisory/Synology_SA_24_21
  • https://www.synology.com/zh-hk/security/advisory/Synology_SA_24_22
  • https://www.synology.com/zh-hk/security/advisory/Synology_SA_24_23
  • https://www.hkcert.org/security-bulletin/synology-products-remote-code-execution-vulnerability_20241104
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10443


Tag: Synology , DSM , BeeStation , BeePhotos , DSMUC , Drive Server , Replication Service
Tags