CVE-2024-10445
MEDIUMSynology Beestation OS - Improper Certificate Validation
Title source: ruleDescription
Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.
Scores
CVSS v3
4.3
EPSS
0.0006
EPSS Percentile
16.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Classification
CWE
CWE-295
Status
published
Affected Products (10)
synology/beestation_os
synology/beestation_os
synology/beestation_os
synology/beestation_os
synology/beestation_os
synology/beestation_os
synology/beestation_os
synology/beestation_os
synology/beestation_os
synology/diskstation_manager
< 6.2.4-25556-8
Timeline
Published
Mar 19, 2025
Tracked Since
Feb 18, 2026