Synology has patched a zero-click flaw found in multiple NAS products
This type of flaw can be exploited with no victim interaction, making it particularly dangerous
Technical details were not disclosed to give customers time to react
Top network-attached storage (NAS) maker Synology has patched a critical-severity vulnerability that could have allowed threat actors to remotely execute malicious code on affected endpoints.
The vulnerability is tracked as CVE-2024-10443, and was found in DiskStation and BeePhotos. It was showcased during the recent Pwn2Own Ireland 2024 hackathon, where it was described as a zero-click flaw, and dubbed RISK:STATION.