What are you looking for ?
Advertise with us
RAIDON

Synology Security Advisories SA-24:04 Surveillance Station and SA-24:05 Surveillance Station Client

Multiple resolved vulnerabilities allow remote authenticated users to access intranet resources, bypass security constraints, conduct denial-of-service attacks, inject SQL commands, obtain privileges without consent, obtain privileges without consent, obtain sensitive information, and write specific files.

Synology, Inc. had published 2 security advisories concerning resolved vulnerabilities on Surveillance Station App and Surveillance Station Client.

Synology-SA-24:04 Surveillance Station

Publish time: 2024-03-28 14:07:31 UTC+8
Last
updated: 2024-03-28 14:29:13 UTC+8
Severity: Important
Status: Resolved

Abstract
Multiple vulnerabilities allow remote authenticated users to access intranet resources, bypass security constraints, conduct denial-of-service attacks, inject SQL commands, obtain privileges without consent, obtain privileges without consent, obtain sensitive information, and write specific files via a susceptible version of Surveillance Station.

Affected products

Product

Severity

Fixed release availability

Surveillance Station for DSM 7.2

Important

Upgrade to 9.2.0-11289 or above.

Surveillance Station for DSM 7.1

Important

Upgrade to 9.2.0-11289 or above.

Surveillance Station for DSM 6.2

Important

Upgrade to 9.2.0-9289 or above.

Mitigation : None

Detail

  • CVE-2024-29228

    • Severity: Important
    • CVSS3 Base Score: 7.7
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    • Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
  • CVE-2024-29229

    • Severity: Important
    • CVSS3 Base Score: 7.7
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    • Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
  • CVE-2024-29241

    • Severity: Important
    • CVSS3 Base Score: 9.9
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
    • Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
  • CVE-2024-29227

    • Severity: Moderate
    • CVSS3 Base Score: 5.4
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
    • Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
  • CVE-2024-29230

    • Severity: Moderate
    • CVSS3 Base Score: 5.4
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
    • Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
  • CVE-2024-29231

    • Severity: Moderate
    • CVSS3 Base Score: 5.4
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
    • Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
  • CVE-2024-29232

    • Severity: Moderate
    • CVSS3 Base Score: 5.4
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
    • Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
  • CVE-2024-29233

    • Severity: Moderate
    • CVSS3 Base Score: 5.4
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
    • Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
  • CVE-2024-29234

    • Severity: Moderate
    • CVSS3 Base Score: 5.4
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
    • Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
  • CVE-2024-29235

    • Severity: Moderate
    • CVSS3 Base Score: 5.4
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
    • Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
  • CVE-2024-29236

    • Severity: Moderate
    • CVSS3 Base Score: 5.4
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
    • Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
  • CVE-2024-29237

    • Severity: Moderate
    • CVSS3 Base Score: 5.4
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
    • Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
  • CVE-2024-29238

    • Severity: Moderate
    • CVSS3 Base Score: 5.4
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
    • Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
  • CVE-2024-29239

    • Severity: Moderate
    • CVSS3 Base Score: 5.4
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
    • Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
  • CVE-2024-29240

    • Severity: Moderate
    • CVSS3 Base Score: 4.3
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    • Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.

Acknowledgement

  • TEAM.ENVY (https://team-envy.gitbook.io/team.envy/about-us)
  • Tim Coen (https://security-consulting.icu)
  • Zhao Runzi (赵润梓)

Reference

Revision

Revision

Date

Description

1

2024-03-28

Initial public release.

2

2024-03-28

Disclosed vulnerability details.

 

Synology-SA-24:05 Synology Surveillance Station Client

Publish time: 2024-03-28 14:43:22 UTC+8
Last updated: 2024-03-28 14:43:22 UTC+8
Severity : Important
Status : Resolved

Abstract
A vulnerability allows local users to execute arbitrary commands via a susceptible version of Synology Surveillance Station Client.

Affected products

Product

Severity

Fixed release availability

Synology Surveillance Station Client

Important

Upgrade to 2.2.0-2507 or above.

Mitigation : None

Detail : Reserved

Revision

Revision

Date

Description

1

2024-03-28

Initial public release.

 

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E