PT-2024-22827 · Synology · Synology Surveillance Station
Team.Envy
·
Published
2024-03-27
·
Updated
2026-04-01
·
CVE-2024-29231
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Synology Surveillance Station versions prior to 9.2.0-9289
Synology Surveillance Station versions prior to 9.2.0-11289
Description
The issue is related to improper validation of array index in the UserPrivilege.Enum webapi component. This allows remote authenticated users to bypass security constraints via unspecified vectors.
Recommendations
For versions prior to 9.2.0-9289, update to version 9.2.0-9289 or later.
For versions prior to 9.2.0-11289, update to version 9.2.0-11289 or later.
As a temporary workaround, consider restricting access to the UserPrivilege.Enum webapi component until a patch is available.
Fix
DoS
Improper Validation of Array Index
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Synology Surveillance Station