PT-2024-9409 · Synology · Synology Surveillance Station

Zhao Runzi · Published 2024-03-28 · Updated 2024-12-04

CVE-2023-52944
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Synology Surveillance Station versions prior to 9.2.0-11289 and 9.2.0-9289
Description: Synology Surveillance Station contains an incorrect authorization vulnerability in the ActionRule webapi component. It allows remote authenticated users to perform limited actions through the set action rules function, and exploiting it can enable a remote attacker to elevate their privileges.
Recommendations: For Synology Surveillance Station versions prior to 9.2.0-11289, update to version 9.2.0-11289 or later. For Synology Surveillance Station versions prior to 9.2.0-9289, update to version 9.2.0-9289 or later. As a temporary workaround, consider restricting access to the ActionRule webapi component until a patch is available.

Fix

Weakness Enumeration: Incorrect Authorization

Related Identifiers: BDU:2024-11102, CVE-2023-52944

Affected Products: Synology Surveillance Station