1:00pm, 6 November 2024
TLP Rating:
RCE vulnerability affecting Synology Photos app
A vulnerability in Synology Photos apps allows an attacker to execute arbitrary code. CVE-2024-10443.
What's happening
Systems affected
Synology advises that the following versions of the Synology Photos app are vulnerable:
- 1.7 for DiskStation Manager 7.2
- 1.6 for DiskStation Manager 7.2
What this means
The listed Synology Photos app versions are vulnerable to unauthorised code execution.
What to do
Prevention
Synology advises updating Synology Photos app to the following versions:
- 1.7.0-0795 or above, or
- 1.6.2-0720 or above.
More information
Refer to vendor advisory for more information
Synology_SA_24_19 | Synology Inc. External Link
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
Report an incident to CERT NZ External Link
How helpful was this page?
This site is protected by reCAPTCHA and the Google Privacy Policy External Link and Terms of Service External Link apply.