9.8
CVE-2024-10441
- EPSS 0.54%
- Veröffentlicht 19.03.2025 02:09:56
- Zuletzt bearbeitet 17.11.2025 13:43:41
- Quelle security@synology.com
- CVE-Watchlists
- Unerledigt
Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Synology ≫ Beestation Os Version1.0 Update-
Synology ≫ Beestation Os Version1.0 Update65145
Synology ≫ Beestation Os Version1.0 Update65149
Synology ≫ Beestation Os Version1.0 Update65162
Synology ≫ Beestation Os Version1.0.1 Update65210
Synology ≫ Beestation Os Version1.0.2 Update65233
Synology ≫ Beestation Os Version1.0.2 Update65235
Synology ≫ Beestation Os Version1.1 Update-
Synology ≫ Beestation Os Version1.1 Update65373
Synology ≫ Diskstation Manager Version >= 7.2 < 7.2-64570-4
Synology ≫ Diskstation Manager Version >= 7.2.1-69057 < 7.2.1-69057-6
Synology ≫ Diskstation Manager Version >= 7.2.2 < 7.2.2-72806-1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.667 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@synology.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-116 Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.