PT-2024-9746 · Synology · Synology Media Server

Team Tgls · Published 2024-05-03 · Updated 2026-01-29 · CVE-2024-4464

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Synology Media Server versions prior to 1.4-2680
Synology Media Server versions prior to 2.0.5-3152
Synology Media Server versions prior to 2.2.0-3325

Description

The issue is related to an authorization bypass vulnerability through a user-controlled key in the streaming service of Synology Media Server. This vulnerability allows remote attackers to read specific files via unspecified vectors.

Recommendations

For Synology Media Server versions prior to 1.4-2680, update to version 1.4-2680 or later.
For Synology Media Server versions prior to 2.0.5-3152, update to version 2.0.5-3152 or later.
For Synology Media Server versions prior to 2.2.0-3325, update to version 2.2.0-3325 or later.

Fix

IDOR

Weakness Enumeration

Related Identifiers

BDU:2024-11482
CVE-2024-4464

Affected Products

Synology Media Server