PT-2024-9410 · Synology · Synology Surveillance Station

Zhao Runzi · Published 2024-03-28 · Updated 2024-12-04 · CVE-2023-52943

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Synology Surveillance Station 9.2.0 builds prior to 9.2.0-11289 and prior to 9.2.0-9289. The two fixed builds belong to two separate 9.2.0 build lines, so an installation is affected if it is older than the fixed build of its own line.
Description: Incorrect authorization (CWE-863) in the Alert.Setting web API component of Synology Surveillance Station. The authorization check on this component is insufficient, so a remote user holding a valid low-privilege account can perform a limited set of actions on the alerting function that their role should not permit; the exact vector is unspecified. The result is a limited privilege escalation confined to the alerting function; the CVSS vector (PR:L, C:N/I:L/A:N) reflects that only integrity is affected and that the attacker must already be authenticated.
Recommendations: Update to the fixed build for the package variant installed on the device: 9.2.0-11289 or later, or 9.2.0-9289 or later, whichever build line the device runs (Package Center offers the matching build for the model). Since fixed builds are available, updating is the remedy. Where the update cannot be applied immediately, reduce exposure in the meantime by restricting network access to the Surveillance Station web API to trusted networks and by reviewing which accounts hold Surveillance Station privileges, because exploitation requires an authenticated user.
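Checking whether an installation falls under the affected range is mostly a matter of comparing build numbers correctly. The following script is an added example, not code from the advisory or from Synology; it assumes the DSM package INFO file format (key="value" lines, normally found at /var/packages/SurveillanceStation/INFO) and that the caller knows which of the two fixed builds applies to the device's package variant. The sample INFO content and its version are constructed for illustration.

```python
import re

# Fixed builds named in the advisory. Surveillance Station 9.2.0 ships on two
# separate build lines; which fixed build applies depends on the package variant
# installed on the device (assumption: the caller knows which line it runs).
FIXED_BUILDS = ("9.2.0-11289", "9.2.0-9289")

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(version: str) -> tuple:
    """Turn '9.2.0-11289' into (9, 2, 0, 11289) so builds compare numerically.

    A plain string comparison gets this wrong: '9.2.0-9289' > '9.2.0-11289'
    lexicographically, although build 9289 is the older one.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised Surveillance Station version: {version!r}")
    return tuple(int(part) for part in match.groups())


def parse_info(info_text: str) -> dict:
    """Parse the key="value" lines of a DSM package INFO file into a dict."""
    fields = {}
    for raw in info_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip().strip('"')
    return fields


def is_vulnerable(installed: str, fixed: str) -> bool:
    """True when the installed build predates the fixed build of its own line."""
    if fixed not in FIXED_BUILDS:
        raise ValueError(f"{fixed!r} is not one of the fixed builds {FIXED_BUILDS}")
    return parse_version(installed) < parse_version(fixed)


def assess_info(info_text: str, fixed: str) -> dict:
    """Assess an INFO file against the given fixed build; returns a verdict dict."""
    fields = parse_info(info_text)
    if fields.get("package") != "SurveillanceStation":
        raise ValueError("INFO file does not describe SurveillanceStation")
    version = fields["version"]
    return {
        "package": fields["package"],
        "installed": version,
        "fixed": fixed,
        "vulnerable": is_vulnerable(version, fixed),
    }


# Constructed sample in the shape of /var/packages/SurveillanceStation/INFO;
# the version is made up for illustration, not taken from a real device.
SAMPLE_INFO = """\
package="SurveillanceStation"
version="9.2.0-8889"
displayname="Surveillance Station"
arch="x86_64"
"""

if __name__ == "__main__":
    print(assess_info(SAMPLE_INFO, "9.2.0-9289"))
```

The build number after the hyphen is what separates the two fixed releases, so the comparison must treat it as an integer; a string comparison would report a 9.2.0-9289 installation as newer than 9.2.0-11289. Pass the fixed build for the device's own line; comparing against the other line's build gives no meaningful verdict.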

Fix

Weakness Enumeration

Incorrect Authorization (CWE-863)

Related Identifiers

BDU:2024-11103
CVE-2023-52943

Affected Products

Synology Surveillance Station