Cyber Security Alert: CVE affecting Synology Photos

The NCSC would like to draw your attention to CVE-2024-10443 affecting Synology Photos. 

Exploitation of this vulnerability may allow a malicious actor to perform unauthenticated remote code execution on vulnerable Synology Photos instances.

Synology advises that the following versions of the Synology Photos app are vulnerable:

  • 1.7 for DiskStation Manager 7.2  
  • 1.6 for DiskStation Manager 7.2 

We recommend that all organisations using Synology DiskStation Manager refer to Synology's advisory, Synology-SA-24:19, and undertake due diligence to check for any suspicious activity related to this vulnerability.

If your organisation has seen or does see evidence of compromise related to CVE-2024-10443, please contact incidents@ncsc.govt.nz.

For more NCSC NZ updates, follow us on LinkedIn.