### [CVE-2024-10442](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10442)
![](https://img.shields.io/static/v1?label=Product&message=Replication%20Service&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Unified%20Controller%20(DSMUC)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Off-by-one%20Error&color=brighgreen)

### Description

Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ret2/Pwn2Own-Ireland2024-DiskStation