
Synology has released updated security advisories detailing a critical vulnerability in its Replication Service. The vulnerability allows remote attackers to execute arbitrary commands on affected systems.
The vulnerability, identified as CVE-2024-10442, is an off-by-one error in the transmission component of the Synology Replication Service. It affects Synology Unified Controller (DSMUC) and Replication Service for various versions of Synology DSM.
The CVSS3 Base Score for this vulnerability is 10.0, indicating its critical severity. Successful exploitation could lead to a broader impact across the system. The vulnerability was reported by Jack Dates of RET2 Systems (jack@ret2.io).
The vulnerability impacts the following products:
- DSMUC 3.1
- Replication Service for DSM 7.2
- Replication Service for DSM 7.1
- Replication Service for DSM 6.2
To address this vulnerability, Synology has released the following updates:
- Upgrade DSMUC 3.1 to 3.1.4-23079 or above.
- Upgrade Replication Service for DSM 7.2 to 1.3.0-0423 or above.
- Upgrade Replication Service for DSM 7.1 to 1.2.2-0353 or above.
- Upgrade Replication Service for DSM 6.2 to 1.0.12-0066 or above.
Users of the affected products are strongly recommended to apply the corresponding updates as soon as possible.
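The fixed version depends on the DSM branch, so the same package version can be patched on one branch and still vulnerable on another. The following triage check is an added example, not code from Synology or the advisory; the inventory rows, host names and the `major.minor.patch-build` version shape are assumptions, and only the minimum versions come from the list above.

```python
import re

# Minimum fixed versions, copied from the advisory's upgrade list.
FIXED = {
    "DSMUC 3.1": "3.1.4-23079",
    "Replication Service for DSM 7.2": "1.3.0-0423",
    "Replication Service for DSM 7.1": "1.2.2-0353",
    "Replication Service for DSM 6.2": "1.0.12-0066",
}

# Assumed version shape: major.minor.patch-build, as in the list above.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)-(\d+)")

def parse_version(text):
    """Turn '1.0.12-0066' into (1, 0, 12, 66) so fields compare as numbers."""
    match = _VERSION.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def status(product, installed):
    """Classify one installation against the fixed version for its product line."""
    if product not in FIXED:
        return "not-listed"
    try:
        current = parse_version(installed)
    except ValueError:
        return "unknown"  # surface for manual review instead of assuming patched
    return "patched" if current >= parse_version(FIXED[product]) else "vulnerable"

def triage(inventory):
    """Map each host in (host, product, installed_version) rows to its status."""
    return {host: status(product, version) for host, product, version in inventory}

# Constructed inventory: host names and installed versions are made up.
SAMPLE_INVENTORY = [
    ("nas-01", "Replication Service for DSM 7.2", "1.3.0-0423"),
    ("nas-02", "Replication Service for DSM 7.2", "1.2.2-0353"),  # fixed on 7.1 only
    ("nas-03", "Replication Service for DSM 6.2", "1.0.9-0070"),  # 9 < 12 numerically
    ("nas-04", "DSMUC 3.1", "3.1.4-23079"),
    ("nas-05", "Replication Service for DSM 7.1", "n/a"),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

Comparing the fields as integers matters here: a plain string comparison would rank `1.0.9` above `1.0.12` and report nas-03 as patched.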