Synology-SA-24:23 BeeStation (PWN2OWN 2024)

Publish Time: 2024-11-05 15:16:36 UTC+8

Last Updated: 2024-11-05 15:57:44 UTC+8

Severity
Critical
Status
Resolved

Abstract

The vulnerability reported in ZDI-CAN-25403 allows remote attackers to execute arbitrary code.

The vulnerability reported in ZDI-CAN-25613 allows remote attackers to read specific files.

The vulnerability reported in ZDI-CAN-25617 allows adjacent man-in-the-middle attacker to write specific files.

Affected Products

Product Severity Fixed Release Availability
BeeStation OS 1.1 Critical Upgrade to 1.1-65374 or above.
BeeStation OS 1.0 Critical Upgrade to 1.1-65374 or above.

Mitigation

None

Detail

Reserved

Revision

Revision Date Description
1 2024-11-05 Initial public release.