Synology has patched a critical zero-day vulnerability, CVE-2024-10443, known as RISK, which could allow unauthenticated remote code execution on DiskStation and BeeStation NAS devices without user interaction, affecting up to two million devices. Demonstrated by researcher Rick de Jager at Pwn2Own Ireland 2024, the zero-click flaw lets attackers gain root access to steal data or install malware. Affected versions include BeePhotos for BeeStation OS 1.0 and 1.1 and Synology Photos for DSM 7.2, with upgrades available. Additionally, QNAP has addressed three critical vulnerabilities (CVE-2024-50389, CVE-2024-50387, CVE-2024-50388) in QuRouter, SMB Service, and HBS 3, urging users to apply patches promptly as NAS devices are frequent ransomware targets.