Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices

November 5, 2024 at 04:48AM

Synology has addressed a critical zero-day vulnerability (CVE-2024-10443) called RISK:STATION, affecting millions of DiskStation and BeePhotos devices, allowing remote code execution without user interaction. Meanwhile, QNAP resolved three critical flaws in their products. Users are urged to apply patches promptly to protect against potential attacks.

### Meeting Takeaways – November 05, 2024

**1. Synology Vulnerability (CVE-2024-10443 – RISK:STATION):**
– A critical security flaw was identified in Synology’s DiskStation and BeePhotos NAS devices.
– The vulnerability allows for remote code execution without user interaction (zero-click), affecting millions of devices.
– The flaw currently affects between 1 and 2 million devices accessible via the internet.
– Technical details are being withheld to allow users time to apply patches.

**2. QNAP Security Updates:**
– QNAP has successfully patched three critical vulnerabilities:
  – **CVE-2024-50389:** Resolved in QuRouter version 2.4.5.032 and later.
  – **CVE-2024-50387:** Resolved in SMB Service versions 4.15.002 and h4.15.002 and later.
  – **CVE-2024-50388:** Resolved in HBS 3 Hybrid Backup Sync version 25.1.1.673 and later.
– There is no evidence that these vulnerabilities have been exploited in the wild, but users are urged to apply the patches promptly due to the high risk from ransomware attacks targeting NAS devices.

**3. Recommendations:**
– Users of Synology devices should monitor for updates and apply patches as soon as they are available.
– QNAP users should also ensure they are using the latest versions of their software to mitigate potential risks.
