- Posted November 06, 2024
- Security Advisories
The NCSC would like to draw your attention to CVE-2024-10443 affecting Synology Photos.
Exploitation of this vulnerability may allow a malicious actor to perform unauthenticated remote code execution on vulnerable Synology Photo instances.
Synology advises that the following versions of the Synology Photos app are vulnerable:
- 1.7 for DiskStation Manager 7.2
- 1.6 for DiskStation Manager 7.2
We recommend all organisations using Synology DiskStation Manager to refer to Synology's advisory, Synology-SA-24:19(external link), and undertake due diligence to check any suspicious activity related to this vulnerability.
For more NCSC updates, follow us on LinkedIn(external link).