Search criteria
3 vulnerabilities found for replication_service by syncology
CVE-2024-10442 (GCVE-0-2024-10442)
Vulnerability from nvd – Published: 2025-03-19 02:14 – Updated: 2025-03-19 14:13
VLAI?
Summary
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
Severity ?
10 (Critical)
CWE
- CWE-193 - Off-by-one Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Synology | Unified Controller (DSMUC) |
Affected:
3.1 , < 3.1.4-23079
(semver)
Unknown: 0 , < 3.1 (semver) |
|||||||
|
|||||||||
Credits
Jack Dates | RET2 Systems jack@ret2.io
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10442",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T14:05:08.214212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T14:13:16.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Unified Controller (DSMUC)",
"vendor": "Synology",
"versions": [
{
"lessThan": "3.1.4-23079",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "3.1",
"status": "unknown",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Replication Service",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.2.2-0353",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "1.0.12-0066",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "1.3.0-0423",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Dates | RET2 Systems jack@ret2.io"
}
],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T02:14:03.691Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"name": "Synology-SA-24:22 Replication Service (PWN2OWN 2024)",
"tags": [
"vendor-advisory"
],
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_22"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2024-10442",
"datePublished": "2025-03-19T02:14:03.691Z",
"dateReserved": "2024-10-28T02:29:33.711Z",
"dateUpdated": "2025-03-19T14:13:16.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2024-10442
Vulnerability from fkie_nvd - Published: 2025-03-19 03:15 - Updated: 2026-01-16 16:50
Severity ?
Summary
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| security@synology.com | https://www.synology.com/en-global/security/advisory/Synology_SA_24_22 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synology | unified_controller | * | |
| synology | diskstation_manager_unified_controller | 3.1 | |
| synology | replication_service | * | |
| synology | diskstation_manager | 6.2 | |
| synology | replication_service | * | |
| synology | diskstation_manager | 7.1 | |
| syncology | replication_service | * | |
| synology | diskstation_manager | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:unified_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "819A9BB9-6FAE-4F70-9C08-BCF9F8DE8F8C",
"versionEndExcluding": "3.1.4-23079",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:diskstation_manager_unified_controller:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C199245-E7B1-496C-9977-F422B0F7DB08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:replication_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B038C0B-1F79-4870-BD3F-9496274651D6",
"versionEndIncluding": "1.0.12-0066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685B12-824F-42AD-B87C-6E7A78BB7FA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:replication_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A1281-F888-4140-88E3-993DEA60F6BD",
"versionEndExcluding": "1.2.2-0353",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10C4B055-D99B-4D58-811C-DD323A68A890",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:syncology:replication_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43FA757B-41C7-486F-B258-744D34AACB2B",
"versionEndExcluding": "1.3.0-0423",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C262042-304B-49DC-BB4B-655C5C36D88C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors."
},
{
"lang": "es",
"value": "La vulnerabilidad de error de uno en uno en el componente de transmisi\u00f3n en Synology Replication Service anterior a 1.0.12-0066, 1.2.2-0353 y 1.3.0-0423 y Synology Unified Controller (DSMUC) anterior a 3.1.4-23079 permite a atacantes remotos ejecutar c\u00f3digo arbitrario, lo que podr\u00eda generar un impacto m\u00e1s amplio en todo el sistema a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2024-10442",
"lastModified": "2026-01-16T16:50:48.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "security@synology.com",
"type": "Secondary"
}
]
},
"published": "2025-03-19T03:15:11.790",
"references": [
{
"source": "security@synology.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_22"
}
],
"sourceIdentifier": "security@synology.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "security@synology.com",
"type": "Secondary"
}
]
}
CVE-2024-10442 (GCVE-0-2024-10442)
Vulnerability from cvelistv5 – Published: 2025-03-19 02:14 – Updated: 2025-03-19 14:13
VLAI?
Summary
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
Severity ?
10 (Critical)
CWE
- CWE-193 - Off-by-one Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Synology | Unified Controller (DSMUC) |
Affected:
3.1 , < 3.1.4-23079
(semver)
Unknown: 0 , < 3.1 (semver) |
|||||||
|
|||||||||
Credits
Jack Dates | RET2 Systems jack@ret2.io
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10442",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T14:05:08.214212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T14:13:16.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Unified Controller (DSMUC)",
"vendor": "Synology",
"versions": [
{
"lessThan": "3.1.4-23079",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "3.1",
"status": "unknown",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Replication Service",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.2.2-0353",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "1.0.12-0066",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "1.3.0-0423",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Dates | RET2 Systems jack@ret2.io"
}
],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T02:14:03.691Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"name": "Synology-SA-24:22 Replication Service (PWN2OWN 2024)",
"tags": [
"vendor-advisory"
],
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_22"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2024-10442",
"datePublished": "2025-03-19T02:14:03.691Z",
"dateReserved": "2024-10-28T02:29:33.711Z",
"dateUpdated": "2025-03-19T14:13:16.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}