
Critical Zero-Click Vulnerability in Synology NAS Devices Needs Urgent Patching

A newly identified zero-click and zero-day vulnerability, tracked as CVE-2024-10443, poses a significant security threat to millions of Synology’s DiskStation and BeeStation NAS devices.

November 7, 2024 · 3 min read
Overview

A recently discovered high-severity vulnerability, tracked as CVE-2024-10443 and dubbed “RISK:STATION,” poses a significant threat to Synology NAS users worldwide.

The vulnerability, affecting Synology DiskStation and BeeStation models, allows remote code execution without user interaction, heightening the potential for malicious exploitation.

CERT-In has released an advisory urging Synology users to apply critical security patches immediately to secure their devices and prevent unauthorized access.

Affected Systems and Risk Assessment

The flaw specifically impacts Synology Photos and BeePhotos components, which come pre-installed on many Synology NAS products. Vulnerable versions include:

  • BeePhotos for BeeStation OS 1.1 – versions below 1.1.0-10053
  • BeePhotos for BeeStation OS 1.0 – versions below 1.0.2-10026
  • Synology Photos 1.7 for DSM 7.2 – versions below 1.7.0-0795
  • Synology Photos 1.6 for DSM 7.2 – versions below 1.6.2-0720

Given that NAS devices are highly valuable targets in ransomware attacks, the risks associated with this vulnerability are extensive, including data theft, malware installation, and unauthorized system access.

System owners using affected versions are encouraged to upgrade to secure versions immediately.

Impact and Exploitation Risks

The “RISK:STATION” vulnerability represents an “unauthenticated zero-click” attack vector. Attackers exploiting this flaw can gain root-level control without any user interaction.

Synology’s QuickConnect feature, a remote-access service, further increases device exposure, as it allows attackers to reach NAS devices even behind firewalls. According to the researchers who were credited with finding this zero-click bug, this flaw carries a high potential for misuse and could impact an estimated one to two million devices globally.

Device Exposure and Enumeration Concerns

The reach of Synology’s QuickConnect feature amplifies the vulnerability’s severity. This service gives each device a unique subdomain that enables remote access, bypassing firewalls and NAT configurations.

Due to the ease of obtaining these subdomains through Certificate Transparency logs, adversaries can readily enumerate exposed Synology devices. QuickConnect domains often contain identifiable names or locations, raising privacy concerns and potentially making it easier for attackers to prioritize targets.

Mitigations and Recommended Actions

Synology has issued patches that neutralize this vulnerability, covering both the Synology Photos and BeePhotos applications. Users should ensure they apply the following updates:

  • For Synology DiskStation (DSM 7.2):
    • Synology Photos 1.7 – Update to version 1.7.0-0795
    • Synology Photos 1.6 – Update to version 1.6.2-0720
  • For Synology BeeStation:
    • BeePhotos 1.1 – Update to version 1.1.0-10053
    • BeePhotos 1.0 – Update to version 1.0.2-10026

Alternatively, users can mitigate exposure by disabling QuickConnect, blocking ports 5000 and 5001, and disabling the Synology Photos or BeePhotos components if they are not actively in use.

Although these actions prevent internet-based exploitation, they do not secure devices within local networks, so a firmware update remains the most effective solution.
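An added example (not from the advisory or from Synology) that turns the fixed-version list above into an inventory check: it parses Synology package versions of the form `major.minor.patch-build`, compares each installed version against the patched release for its branch, and reports which hosts still need the update. The hostnames and versions in `SAMPLE_INVENTORY` are constructed sample data.

```python
import re

# Patched releases listed in the advisory; anything below these on the
# same branch is affected by CVE-2024-10443.
FIXED_VERSIONS = {
    ("BeePhotos", "1.1"): "1.1.0-10053",
    ("BeePhotos", "1.0"): "1.0.2-10026",
    ("Synology Photos", "1.7"): "1.7.0-0795",
    ("Synology Photos", "1.6"): "1.6.2-0720",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Turn '1.7.0-0795' into (1, 7, 0, 795) so tuples compare correctly.

    Leading zeros in the build number are dropped by int(); a string that does
    not match the Synology package format raises ValueError."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Synology package version: {text!r}")
    return tuple(int(part) for part in match.groups())


def fixed_version_for(package, installed):
    """Return the patched release for this package's branch, or None if the
    advisory does not cover that package/branch."""
    major, minor, _, _ = parse_version(installed)
    return FIXED_VERSIONS.get((package, f"{major}.{minor}"))


def is_vulnerable(package, installed):
    """True if installed < patched release; None if the branch is not covered."""
    fixed = fixed_version_for(package, installed)
    if fixed is None:
        return None
    return parse_version(installed) < parse_version(fixed)


def audit(inventory):
    """inventory: iterable of (host, package, installed_version).
    Returns [(host, package, installed, required)] for hosts needing the patch."""
    findings = []
    for host, package, installed in inventory:
        if is_vulnerable(package, installed):
            findings.append((host, package, installed, fixed_version_for(package, installed)))
    return findings


SAMPLE_INVENTORY = [  # constructed sample data, not real hosts
    ("nas-finance", "Synology Photos", "1.7.0-0794"),
    ("nas-hr", "Synology Photos", "1.6.2-0720"),
    ("bee-home", "BeePhotos", "1.1.0-10052"),
    ("nas-lab", "Synology Photos", "1.5.0-0100"),
]
```

Running `audit(SAMPLE_INVENTORY)` flags `nas-finance` and `bee-home`; `nas-lab` is on a branch the advisory does not list, so it is reported as unknown rather than silently treated as safe.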

Conclusion

The CVE-2024-10443 vulnerability in Synology NAS devices showcases the need for proactive patching, particularly for high-value, internet-exposed assets. Synology users are urged to follow the recommended upgrade steps or apply alternative mitigation measures to secure their devices from exploitation. By addressing these vulnerabilities promptly, organizations can reduce the likelihood of unauthorized access, ransomware attacks, and data breaches on their network-attached storage devices.

Source:

https://www.cert-in.org.in

https://www.synology.com/en-global/security/advisory/Synology_SA_24_18

https://www.synology.com/en-global/security/advisory/Synology_SA_24_19

https://www.midnightblue.nl/research/riskstation
