CVERadar

CVE-2024-29231

Medium Severity
Synology
SVRS: 30/100
CVSSv3: 8.8/10
EPSS: 0.0019/1

CVE-2024-29231: Security bypass vulnerability in Synology Surveillance Station. This flaw stems from improper validation of array index within the UserPrivilege.Enum webapi component. Exploitation allows remote authenticated users to circumvent security constraints through unspecified methods. Though the CVSS score is high at 8.8, SOCRadar's Vulnerability Risk Score (SVRS) is 30. While the CVSS indicates a significant risk, the lower SVRS suggests the vulnerability might not be actively exploited or widely discussed in threat intelligence circles. This Synology flaw is significant because it allows unauthorized privilege escalation, potentially leading to unauthorized access and control over the affected Surveillance Station. Update your Synology Surveillance Station to versions 9.2.0-9289 or 9.2.0-11289, or later, to remediate this issue and mitigate potential attacks.

Vendor-advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2025-03-25

2024-03-28

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

CVE-2024-29231 | Synology Surveillance Station prior 9.2.0-9289/9.2.0-11289 WebAPI UserPrivilege.Enum array index (SA_24_04)
vuldb.com, 2025-01-15
A vulnerability classified as critical has been found in Synology Surveillance Station. This affects the function UserPrivilege.Enum of the component WebAPI. The manipulation leads to improper validation of array index. This vulnerability is uniquely identified as CVE-2024-29231. It is

Social Media

No tweets found for this CVE

Affected Software

Configuration 1
Type | Vendor | Product
App | Synology | surveillance_station

References

Reference | Link
[email protected] | https://www.synology.com/en-global/security/advisory/Synology_SA_24_04
AF854A3A-2127-422B-91AE-364DA2661108 | https://www.synology.com/en-global/security/advisory/Synology_SA_24_04
SYNOLOGY-SA-24:04 SURVEILLANCE STATION | https://www.synology.com/en-global/security/advisory/Synology_SA_24_04

CWE Details

CWE ID | CWE Name | Description
CWE-129 | Improper Validation of Array Index | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
