Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.
References
| Link | Resource |
|---|---|
| https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 | Vendor Advisory |
| https://www.synology.com/en-global/security/advisory/Synology_SA_24_23 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
17 Nov 2025, 13:42
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Synology diskstation Manager
Synology beestation Os Synology |
|
| References | () https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 - Vendor Advisory | |
| References | () https://www.synology.com/en-global/security/advisory/Synology_SA_24_23 - Vendor Advisory | |
| CPE | cpe:2.3:o:synology:beestation_os:1.1:65373:*:*:*:*:*:* cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:* cpe:2.3:o:synology:beestation_os:1.0:-:*:*:*:*:*:* cpe:2.3:o:synology:beestation_os:1.0:65162:*:*:*:*:*:* cpe:2.3:o:synology:beestation_os:1.0.2:65233:*:*:*:*:*:* cpe:2.3:o:synology:beestation_os:1.0.2:65235:*:*:*:*:*:* cpe:2.3:o:synology:beestation_os:1.1:-:*:*:*:*:*:* cpe:2.3:o:synology:beestation_os:1.0:65145:*:*:*:*:*:* cpe:2.3:o:synology:beestation_os:1.0.1:65210:*:*:*:*:*:* cpe:2.3:o:synology:beestation_os:1.0:65149:*:*:*:*:*:* |
Information
Published : 2025-03-19 02:15
Updated : 2025-11-17 13:42
NVD link : CVE-2024-10445
Mitre link : CVE-2024-10445
CVE.ORG link : CVE-2024-10445
JSON object : View
Products Affected
synology
- diskstation_manager
- beestation_os
CWE
CWE-295
Improper Certificate Validation