CVE-2024-10443
ENISA EUVD: EUVD-2024-33123
✓ Confirmed 0-Day
Triaged: March 5, 2026
2 articles
Published: 2024-11-15
EPSS Score
Source: FIRST.org · 2026-05-23
This CVE has a 75.64% probability of being exploited in the next 30 days.
Top 98.9th percentile of all CVEs
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)
9.8 CRITICAL
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Source: VulnerabilityLookup (CNA)
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
Affected Products
Synology: BeePhotos
Synology: Synology Photos
Attack Intelligence
Signal Intelligence
Confidence: 85%
EPSS: 75.64%
CVSS v3.1: 9.8
Mentions: 2
Last Seen: Nov 01, 2024
CNA Information
CNA Assigner: synology
Analyst Note
CVE-2024-10443 was exploited at Pwn2Own 2024 (a live hacking competition with real-world exploitation) before patches were released on 2024-11-15. The BleepingComputer article explicitly identifies this as a zero-day exploited at Pwn2Own, indicating active exploitation prior to patch availability.
Triage Info
Decided at: Mar 05, 2026
Published Date: Nov 15, 2024