CVE-2024-29239

Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.0-11289 Synology Surveillance Station versions prior to 9.2.0-9289

Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability is present in the Recording.CountByCategory webapi component of Synology Surveillance Station. It allows remote authenticated users to inject SQL commands via unspecified vectors.

Recommendations For versions prior to 9.2.0-11289, update to version 9.2.0-11289 or later. For versions prior to 9.2.0-9289, update to version 9.2.0-9289 or later. As a temporary workaround, consider restricting access to the Recording.CountByCategory webapi component until a patch is available.