Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
History

Fri, 13 Dec 2024 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:synology:beephotos:*:*:*:*:*:*:*:*
cpe:2.3:a:synology:photos:*:*:*:*:*:*:*:*
cpe:2.3:a:synology:beephotos:*:*:*:*:*:beestation_os:*:*
cpe:2.3:a:synology:diskstation_manager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:photos:*:*:*:*:*:diskstation_manager:*:*

Tue, 19 Nov 2024 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Synology beephotos
Synology beestation Os
Synology diskstation Manager
Synology photos
CPEs cpe:2.3:a:synology:beephotos:*:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:7.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:photos:*:*:*:*:*:*:*:*
cpe:2.3:o:synology:beestation_os:1.0:*:*:*:*:*:*:*
cpe:2.3:o:synology:beestation_os:1.1:*:*:*:*:*:*:*
Vendors & Products Synology beephotos
Synology beestation Os
Synology diskstation Manager
Synology photos

Fri, 15 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Synology
Synology photo Station
CPEs cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*
Vendors & Products Synology
Synology photo Station
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 15 Nov 2024 10:30:00 +0000

Type Values Removed Values Added
Description Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
Weaknesses CWE-77
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: synology

Published: 2024-11-15T10:23:51.233Z

Updated: 2024-11-15T17:42:41.931Z

Reserved: 2024-10-28T02:34:40.599Z

Link: CVE-2024-10443

cve-icon Vulnrichment

Updated: 2024-11-15T17:42:07.286Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-15T11:15:09.750

Modified: 2024-12-13T16:13:38.183

Link: CVE-2024-10443

cve-icon Redhat

No data.