CVE-2024-29228

CVSS 3.1 Score 7.7 of 10 (high)

Details

Published Mar 28, 2024

CWE ID 862

Summary

CVE-2024-29228 reflects a missing authorization issue in the GetStmUrlPath webapi component within Synology Surveillance Station versions prior to 9.2.0-9289 and 9.2.0-11289. This vulnerability allows remote, authenticated users to gain unauthorized access to sensitive information through unspecified vectors. The absence of proper authorization checks can lead to potential data breaches and unintended access to critical information. It is essential for Synology users to update their Surveillance Station software to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vEKv6d
https://www.cve.org/CVERecord?id=CVE-2024-29228
https://nvd.nist.gov/vuln/detail/CVE-2024-29228

Back to Vulnerability Database

CVE-2024-29228

CVSS 3.1 Score 7.7 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations