CVE-2024-10441 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
synology	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 66%

Vendor	Product	Version
synology	beestation_os	1.0
synology	beestation_os	1.0:65145
synology	beestation_os	1.0:65149
synology	beestation_os	1.0:65162
synology	beestation_os	1.0.1:65210
synology	beestation_os	1.0.2:65233
synology	beestation_os	1.0.2:65235
synology	beestation_os	1.1
synology	beestation_os	1.1:65373
synology	diskstation_manager	7.2 ≤ 𝑥 < 7.2-64570-4
synology	diskstation_manager	7.2.1-69057 ≤ 𝑥 < 7.2.1-69057-6
synology	diskstation_manager	7.2.2 ≤ 𝑥 < 7.2.2-72806-1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-116 - Improper Encoding or Escaping of Output
The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References

https://www.synology.com/en-global/security/advisory/Synology_SA_24_20

https://www.synology.com/en-global/security/advisory/Synology_SA_24_23