Table of Contents
  • Home
  • /
  • Blog
  • /
  • How to Fix CVE-2024-10443- Critical Zero-Click RCE Vulnerability in Synology NAS Devices?
November 6, 2024
|
5m

How to Fix CVE-2024-10443- Critical Zero-Click RCE Vulnerability in Synology NAS Devices?


RISK RCE Vulnerability Hits Synology NAS Devices

A critical zero-click remote code execution (RCE) vulnerability has been discovered in Synology's NAS devices, impacting millions of users worldwide. Dubbed "RISK:STATION" this flaw poses a significant threat to users of Synology's DiskStation and BeeStation devices, particularly those running Synology Photos or BeePhotos applications. Due to the zero-click nature of the vulnerability, no user interaction is required, making this flaw a highly concerning risk vector for ransomware, data theft, or malware injection. This article will explore the vulnerability in detail, including the affected products, its potential impact, and measures to mitigate or fix the flaw.

Product Overview

Synology is a Taiwanese company known for its network-attached storage (NAS) devices that serve both consumers and enterprises. Their BeeStation and DiskStation NAS products are popular among home users, small businesses, and enterprises for storage and cloud synchronization. These devices run a tailored operating system called DiskStation Manager (DSM), which offers functionalities like photo management, cloud backup, and more. The Synology Photos and BeePhotos apps, integral to managing photos, have recently been identified as vulnerable components in these NAS devices.

Summary of the Vulnerabilities

  • CVE ID: CVE-2024-10443 (RISK:STATION)

  • Description: Unauthenticated zero-click remote code execution vulnerability in Synology Photos and BeePhotos applications

  • CVSS Score: Critical (Exact score pending)

  • CVSS Vector: Pending official release at the time of publish this article.

The RISK:STATION vulnerability was discovered during the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager at Midnight Blue. The flaw resides in the Synology Photos and BeePhotos components, which are responsible for photo management on Synology DiskStation and BeeStation NAS devices. These components contain code that can be exploited to achieve remote code execution at the root level without any user action, making them particularly susceptible to abuse by attackers. Attackers can use the flaw to gain unauthorized access, deploy ransomware, or exfiltrate sensitive information.

Impact of the Vulnerabilities

The RISK:STATION vulnerability impacts millions of NAS devices, as the Synology Photos and BeePhotos components are either pre-installed or commonly used by NAS owners. The flaw allows attackers to exploit the vulnerable code to gain complete control over affected NAS devices. Devices exposed to the internet via port forwarding or Synology's QuickConnect feature are especially at risk, as they are readily accessible without authentication. Midnight Blue's research indicates that between one and two million devices are currently affected and potentially exposed to attacks. The vulnerability, given its unauthenticated zero-click nature, provides attackers with an easy means to compromise devices remotely and covertly.

Products Affected by the Vulnerabilities

The following Synology products are affected by the RISK vulnerability:

Product
Version
Fixed Release
BeePhotos for BeeStation OS
1.0 and 1.1
Upgrade to 1.0.2-10026 or 1.1.0-10053
Synology Photos for DSM 7.2
1.6 and 1.7
Upgrade to 1.6.2-0720 or 1.7.0-0795

No mitigations are available for older versions other than upgrading to the patched versions. Users are strongly advised to apply these patches immediately.

How to Check If Your Product Is Vulnerable

To determine whether your Synology NAS device is vulnerable to RISK, ensure that you are not running the affected versions of Synology Photos or BeePhotos. You can verify the version of the installed app by navigating to the DSM Control Panel > Package Center > Installed Packages. Compare the version with the patched releases listed above. If you are running an affected version, proceed with updating immediately.

Devices configured to allow remote access via Synology’s QuickConnect or port forwarding are at greater risk. Use services like Shodan or Censys to check if your NAS is exposed to the internet, and disable QuickConnect if unnecessary.

How to Fix the Vulnerabilities

To fix the RISK vulnerability, follow these steps:

  1. Apply the Patch: Update Synology Photos and BeePhotos to the patched versions. Visit the DSM Package Center and install the latest updates for Synology Photos (1.7.0-0795 or 1.6.2-0720) and BeePhotos (1.1.0-10053 or 1.0.2-10026).

  2. Disable Vulnerable Services: If patching is not immediately possible, you can mitigate the risk by disabling the Synology Photos or BeePhotos application through the DSM Control Panel. This will prevent exploitation of the vulnerable code.

  3. Restrict Network Exposure: Disable port forwarding to your NAS and block ports 5000 and 5001 on your router. Additionally, disable QuickConnect to prevent unauthorized internet access.

  4. Network Segmentation: Ensure your NAS is isolated from the wider network to minimize potential impact in case of compromise. Use VLANs or firewalls to segregate critical infrastructure.

  5. Monitor and Respond: Regularly monitor your network for unusual activity. Employ intrusion detection and prevention systems (IDS/IPS) to detect any attempts to exploit this vulnerability.

We hope this post helps you learn about the details of the RISK vulnerabilities in Synology NAS devices, including their technical details, potential impact, affected models, and most importantly, how to protect your Synology NAS from these vulnerabilities. Stay secure, stay updated, and continue to prioritize the safety of your network and data. Thank you for reading this post. Please share this article to help secure the digital world. Visit our website thesecmaster.com, and our social media page on FacebookLinkedInTwitterTelegramTumblrMedium, and Instagram and subscribe to receive updates like this.

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Vulnerabilities

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe