Synology Security Advisories SA-24:04 Surveillance Station and SA-24:05 Surveillance Station Client
Multiple resolved vulnerabilities allow remote authenticated users to access intranet resources, bypass security constraints, conduct denial-of-service attacks, inject SQL commands, obtain privileges without consent, obtain privileges without consent, obtain sensitive information, and write specific files.
This is a Press Release edited by StorageNewsletter.com on April 1, 2024 at 2:01 pmSynology, Inc. had published 2 security advisories concerning resolved vulnerabilities on Surveillance Station App and Surveillance Station Client.
Synology-SA-24:04 Surveillance Station
Publish time: 2024-03-28 14:07:31 UTC+8
Last updated: 2024-03-28 14:29:13 UTC+8
Severity: Important
Status: Resolved
Abstract
Multiple vulnerabilities allow remote authenticated users to access intranet resources, bypass security constraints, conduct denial-of-service attacks, inject SQL commands, obtain privileges without consent, obtain privileges without consent, obtain sensitive information, and write specific files via a susceptible version of Surveillance Station.
Affected products
Product |
Severity |
Fixed release availability |
---|---|---|
Surveillance Station for DSM 7.2 |
Important |
Upgrade to 9.2.0-11289 or above. |
Surveillance Station for DSM 7.1 |
Important |
Upgrade to 9.2.0-11289 or above. |
Surveillance Station for DSM 6.2 |
Important |
Upgrade to 9.2.0-9289 or above. |
Mitigation : None
Detail
-
CVE-2024-29228
- Severity: Important
- CVSS3 Base Score: 7.7
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
- Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
-
CVE-2024-29229
- Severity: Important
- CVSS3 Base Score: 7.7
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
- Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
-
CVE-2024-29241
- Severity: Important
- CVSS3 Base Score: 9.9
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
- Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
-
CVE-2024-29227
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
- Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
-
CVE-2024-29230
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
- Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
-
CVE-2024-29231
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
- Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
-
CVE-2024-29232
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
- Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
-
CVE-2024-29233
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
- Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
-
CVE-2024-29234
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
- Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
-
CVE-2024-29235
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
- Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
-
CVE-2024-29236
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
- Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
-
CVE-2024-29237
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
- Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
-
CVE-2024-29238
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
- Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
-
CVE-2024-29239
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
- Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
-
CVE-2024-29240
- Severity: Moderate
- CVSS3 Base Score: 4.3
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
- Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
Acknowledgement
- TEAM.ENVY (https://team-envy.gitbook.io/team.envy/about-us)
- Tim Coen (https://security-consulting.icu)
- Zhao Runzi (赵润梓)
Reference
- CVE-2024-29227
- CVE-2024-29228
- CVE-2024-29229
- CVE-2024-29230
- CVE-2024-29231
- CVE-2024-29232
- CVE-2024-29233
- CVE-2024-29234
- CVE-2024-29235
- CVE-2024-29236
- CVE-2024-29237
- CVE-2024-29238
- CVE-2024-29239
- CVE-2024-29240
- CVE-2024-29241
Revision
Revision |
Date |
Description |
---|---|---|
1 |
2024-03-28 |
Initial public release. |
2 |
2024-03-28 |
Disclosed vulnerability details. |
Synology-SA-24:05 Synology Surveillance Station Client
Publish time: 2024-03-28 14:43:22 UTC+8
Last updated: 2024-03-28 14:43:22 UTC+8
Severity : Important
Status : Resolved
Abstract
A vulnerability allows local users to execute arbitrary commands via a susceptible version of Synology Surveillance Station Client.
Affected products
Product |
Severity |
Fixed release availability |
---|---|---|
Synology Surveillance Station Client |
Important |
Upgrade to 2.2.0-2507 or above. |
Mitigation : None
Detail : Reserved
Revision
Revision |
Date |
Description |
---|---|---|
1 |
2024-03-28 |
Initial public release. |