Summary
Security updates address two vulnerabilities in Synology Photos and BeePhotos products that could allow an attacker to execute arbitrary code on affected products.
Risk
Community Impact Estimate for Vulnerability: HIGH/ORANGE (65.12/100) [1].
Type
- Arbitrary Code Execution
Affected Products and Versions
Synology
- Photos 1.6.x for DSM 7.2, versions prior to 1.6.2-0720
- Photos 1.7.x for DSM 7.2, versions prior to 1.7.0-0795
- BeePhotos for BeeStation OS, versions 1.0.x prior to 1.0.2-10026
- BeePhotos for BeeStation OS, versions 1.1.x prior to 1.1.0-10053
Mitigation Actions
In line with the vendor's statements, update vulnerable products as indicated in the security bulletins listed in the References section.
Unique Vulnerability Indicators (updated 06/11/2024)
References
https://www.synology.com/fr-fr/security/advisory/Synology_SA_24_18
https://www.synology.com/fr-fr/security/advisory/Synology_SA_24_19
[1] This estimate takes several parameters into account, including: CVSS, availability of patches/workarounds and PoC, and how widespread the affected software/devices are in the reference community.