CVE-2024-29239
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Mar 28, 2024
Updated: Jan 14, 2025
CWE ID 89
Summary
CVE-2024-29239 is an SQL injection vulnerability affecting Synology Surveillance Station's Recording.CountByCategory webapi component. This issue, occurring in versions before 9.2.0-11289 and 9.2.0-9289, enables remote authenticated users to inject malicious SQL commands through unspecified vectors. The vulnerability potentially exposes sensitive data and grants unauthorized access, posing a significant risk to system security. It is essential for users to update their Surveillance Station software to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Synology DiskStation
- Synology Surveillance Station
Affected Vendors
- Synology