5.3
CVE-2024-10445
- EPSS 0.06%
- Veröffentlicht 19.03.2025 02:10:57
- Zuletzt bearbeitet 17.11.2025 13:42:21
- Quelle security@synology.com
- CVE-Watchlists
- Unerledigt
Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Synology ≫ Beestation Os Version1.0 Update-
Synology ≫ Beestation Os Version1.0 Update65145
Synology ≫ Beestation Os Version1.0 Update65149
Synology ≫ Beestation Os Version1.0 Update65162
Synology ≫ Beestation Os Version1.0.1 Update65210
Synology ≫ Beestation Os Version1.0.2 Update65233
Synology ≫ Beestation Os Version1.0.2 Update65235
Synology ≫ Beestation Os Version1.1 Update-
Synology ≫ Beestation Os Version1.1 Update65373
Synology ≫ Diskstation Manager Version >= 6.2 < 6.2.4-25556-8
Synology ≫ Diskstation Manager Version >= 7.2 < 7.2-64570-4
Synology ≫ Diskstation Manager Version >= 7.2.1-69057 < 7.2.1-69057-6
Synology ≫ Diskstation Manager Version >= 7.2.2 < 7.2.2-72806-1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.17 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| security@synology.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.