10
CVE-2024-10442
- EPSS 0.89%
- Veröffentlicht 19.03.2025 02:14:03
- Zuletzt bearbeitet 16.01.2026 16:50:48
- Quelle security@synology.com
- CVE-Watchlists
- Unerledigt
LoginOff-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Synology ≫ Unified Controller Version < 3.1.4-23079
Synology ≫ Replication Service Version <= 1.0.12-0066
Synology ≫ Replication Service Version < 1.2.2-0353
Syncology ≫ Replication Service Version < 1.3.0-0423
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.89% | 0.751 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@synology.com | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-193 Off-by-one Error
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.