CVE-2024-29239

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 28, 2024
Updated: Jan 14, 2025
CWE ID 89

Summary

CVE-2024-29239 is an SQL injection vulnerability affecting Synology Surveillance Station's Recording.CountByCategory webapi component. This issue, occurring in versions before 9.2.0-11289 and 9.2.0-9289, enables remote authenticated users to inject malicious SQL commands through unspecified vectors. The vulnerability potentially exposes sensitive data and grants unauthorized access, posing a significant risk to system security. It is essential for users to update their Surveillance Station software to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Synology DiskStation
  • Synology Surveillance Station

Affected Vendors

  • Synology