CVE-2023-52944

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 4, 2024
CWE ID 863

Summary

CVE-2023-52944 is an authorization vulnerability affecting the ActionRule webapi component in Synology Surveillance Station versions prior to 9.2.0-11289 and 9.2.0-9289. This issue enables remote, authenticated users to execute limited actions on the set action rules function using unspecified vectors, potentially leading to unintended consequences. This vulnerability could result in security misconfigurations or unauthorized modifications to the surveillance system's settings. Users are advised to update their Surveillance Station software to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share