Synology, a Taiwanese networking and storage solutions provider, has promptly released fixes for a critical flaw affecting its widely used DiskStation and BeeStation network-attached storage devices. The flaw, tracked as CVE-2024-10443, could be exploited for remote code execution, reports Security Affairs.
Also known as RISK:STATION, the zero-click vulnerability could be leveraged to compromise millions of devices, according to Midnight Blue researchers, who discovered and reported the issue at Pwn2Own Ireland. Additional details regarding the bug have not been disclosed, in order to curb potential exploitation, while organizations with affected BeePhotos for BeeStation OS and Synology Photos instances have been urged to apply the patch immediately. "Official guidance from Synology can be found on their advisories page. However, since the vulnerability has a high potential for criminal abuse, and millions of devices are affected, a media reach-out was made to inform system owners of the issue and to stress the point that immediate mitigative actions are required," said Midnight Blue researchers.