CVE-2024-29234

Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.0-11289 Synology Surveillance Station version 9.2.0-9289

Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability affects the Group.Save webapi component and allows remote authenticated users to inject SQL commands via unspecified vectors.

Recommendations For Synology Surveillance Station versions prior to 9.2.0-11289, update to version 9.2.0-11289 or later. For Synology Surveillance Station version 9.2.0-9289, update to a version later than 9.2.0-9289. As a temporary workaround, consider restricting access to the Group.Save webapi component until a patch is available.