PT-2022-3456 · Synology · Video Station

Thomas Fady

Published

2022-05-05

Updated

2022-05-13

CVE-2021-44055

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Video Station versions prior to 5.5.9

Description The issue is related to insufficient authorization procedures in the Video Station application, allowing remote attackers to elevate their privileges and access data or perform actions they should not be allowed to. This can lead to unauthorized access and potential data breaches.

Recommendations For versions prior to 5.5.9, update to Video Station 5.5.9 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and functions within the Video Station application until the update can be applied.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

BDU:2022-04234

CVE-2021-44055

Affected Products

Video Station

PT-2022-3456 · Synology · Video Station

CVE-2021-44055

Weakness Enumeration

Related Identifiers

Affected Products

References · 5