Online Platform
Exploits

Critical NAS Vulnerabilities Patched in Synology and QNAP Devices

Cedric Nelson Published  ·  2 min read
Updated on November 06, 2024

Network-attached storage (NAS) manufacturer Synology has patched a high-severity vulnerability, CVE-2024-10443, affecting DiskStation and BeePhotos applications. Known as RISK , the flaw enables attackers to execute remote code without user interaction, posing a severe risk to millions of NAS users. This vulnerability was demonstrated by researcher Rick de Jager during the Pwn2Own Ireland 2024 competition.

The RISK

vulnerability is a "zero-click" issue, which means it can be exploited without any action from the user. This grants attackers root-level access on impacted devices, allowing them to steal sensitive data or plant malware.

Affected Versions and Required Updates

To mitigate this vulnerability, Synology users should update to the latest secure versions:

  1. BeePhotos for BeeStation OS 1.0 – Upgrade to version 1.0.2-10026 or later
  2. BeePhotos for BeeStation OS 1.1 – Upgrade to version 1.1.0-10053 or later
  3. Synology Photos 1.6 for DSM 7.2 – Upgrade to version 1.6.2-0720 or later
  4. Synology Photos 1.7 for DSM 7.2 – Upgrade to version 1.7.0-0795 or later

Synology estimates that between one and two million devices are currently impacted by this flaw, many of which are internet-exposed. While technical specifics about the vulnerability have been withheld to give users time to patch, Synology urges all affected customers to update immediately.

QNAP Resolves Three Critical Flaws

Coinciding with Synology's updates, NAS maker QNAP has also patched three critical vulnerabilities that were exploited at Pwn2Own:

  1. CVE-2024-50389 – QuRouter: Update to version 2.4.5.032 or later
  2. CVE-2024-50387 – SMB Service: Update to 4.15.002 or higher
  3. CVE-2024-50388 – HBS 3 Hybrid Backup Sync: Update to 25.1.1.673 or later

Increased Threats to NAS Devices

NAS systems have become high-value targets for cyberattacks, particularly by ransomware groups seeking access to stored data. While no active exploits for these vulnerabilities have been reported in the wild, the history of NAS devices as ransomware targets makes timely patching critical.

Keeping Your NAS Secure

To enhance NAS security, users should:

  1. Apply Updates Promptly – Regularly update NAS firmware and software.
  2. Limit Internet Exposure – Restrict NAS access to trusted networks only.
  3. Implement Strong Authentication – Use complex passwords and, where possible, enable two-factor authentication.
Keywords
Share LinkedIn
Where to Practice SQLmap: 7 Legal Targets for Ethical Hacking Tools

Where to Practice SQLmap: 7 Legal Targets for Ethical Hacking

Jun 03, 2026
HTTP/2 Bomb DoS Vulnerability Affects Major Web Servers Exploits

HTTP/2 Bomb DoS Vulnerability Affects Major Web Servers

Jun 03, 2026
Minecraft Malware Weedhack Campaign Spreads via YouTube Hacking

Minecraft Malware Weedhack Campaign Spreads via YouTube

Jun 03, 2026
Professional Services

Explore Our Cybersecurity Services

Our insights are backed by hands-on service delivery. If your business needs professional cybersecurity support, our UK-based specialists are ready to help.

Website Recovery Malware removal & incident response
Penetration Testing Authorised attack simulation
Vulnerability Assessment Identify & prioritise weaknesses
Secure Web Development OWASP-aligned, pen tested
Red Teaming Advanced adversary simulation

© 2016 – 2026 Red Secure Tech Ltd. Registered in England and Wales — Company No: 15581067

This website uses cookies to ensure you get the best experience on our website. We need your consent to show personalized or non-personalized ads, and to use cookies for analytics purposes. By clicking "Accept", you consent to the use of cookies and the collection of data as per our Privacy Policy.