PT-2024-22824 · Synology · Synology Surveillance Station

Team.Envy +2 · Published 2024-03-27 · Updated 2025-01-14 · CVE-2024-29229

CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Synology Surveillance Station versions prior to 9.2.0-9289
Synology Surveillance Station versions prior to 9.2.0-11289

Description
A missing authorization issue in the GetLiveViewPath webapi component allows remote authenticated users to obtain sensitive information. Specific details about exploitation, such as API endpoints or vulnerable parameters, are not provided.

Recommendations
For versions prior to 9.2.0-9289, update to version 9.2.0-9289 or later.
For versions prior to 9.2.0-11289, update to version 9.2.0-11289 or later.
As a temporary workaround, consider restricting access to the GetLiveViewPath webapi component until a patch is applied.

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-29229

Affected Products: Synology Surveillance Station