CVE-2024-29240

Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.0-11289 Synology Surveillance Station versions prior to 9.2.0-9289

Description A missing authorization vulnerability in the LayoutSave webapi component allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.

Recommendations For versions prior to 9.2.0-11289, update to version 9.2.0-11289 or later. For versions prior to 9.2.0-9289, update to version 9.2.0-9289 or later. As a temporary workaround, consider restricting access to the LayoutSave webapi component until a patch is available.