CVE-2024-10442

CRITICAL EPSS 67.7%

Published Mar 19, 20251y ago · Modified Jun 17, 20261w ago

10.0 CVSS 3.1

Critical

Published Mar 19, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.

CVSS Details

Base Score

10.0

Exploitability

3.9

Impact

6.0

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Changed

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

67.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-193

Affected Products 8

Vendor	Product	Version	Range
synology	unified_controller	*	<3.1.4-23079
synology	diskstation_manager_unified_controller	3.1	any
synology	replication_service	*	≤1.0.12-0066
synology	diskstation_manager	6.2	any
synology	replication_service	*	<1.2.2-0353
synology	diskstation_manager	7.1	any
syncology	replication_service	*	<1.3.0-0423
synology	diskstation_manager	7.2	any

References 1

synology.com https://www.synology.com/en-global/security/advisory/Synology_SA_24_22

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.