All intelligence
// vulnerability record
live · NVDCVE-2024-10444
HIGHpublished 2025-03-19 02:15 UTC · 1 year ago · modified 2026-06-17 06:55 UTC
7.5
CVSS / 10
// description
Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors.
// cvss 3.1 vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
// weaknesses (CWE)
- CWE-295