Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 19/03/2025 Updated: 19/03/2025

Synology Replication Service and DSMUC Off-by-One Remote Code Execution Vulnerability

An off-by-one error vulnerability exists in Synology Replication Service versions before 1.0.12-0066, 1.2.2-0353, and 1.3.0-0423, as well as in Synology Unified Controller (DSMUC) versions before 3.1.4-23079. This vulnerability in the transmission component could allow remote attackers to execute arbitrary code through unspecified attack vectors. The flaw may potentially enable attackers to compromise the system more extensively, presenting a significant security risk for users of these Synology products.

This exploit was successfully submitted during Pwn2Own Ireland 2024 against the Synology DiskStation DS1823xs+ A blog post covers the details of the exploit The bug was assigned CVE-2024-10442 Synology's advisory can be found here

CWE-193 https://nvd.nist.gov https://github.com/ret2/Pwn2Own-Ireland2024-DiskStation https://www.zerodayinitiative.com/advisories/ZDI-25-208/https://www.first.org/epss https://www.synology.com/en-global/security/advisory/Synology_SA_24_22

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-10442

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect