CVE-2024-29240

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 28, 2024
Updated: Jan 14, 2025
CWE ID 862

Summary

CVE-2024-29240 is a missing authorization vulnerability in the LayoutSave webapi component of Synology Surveillance Station. The issue is present in versions before 9.2.0-11289 and 9.2.0-9289 and allows remote authenticated users to conduct denial-of-service attacks. The specific attack vectors are unspecified, but the vulnerability poses a significant risk to system availability. Users are strongly recommended to update their Surveillance Station software to the latest version to mitigate this issue.

Affected Products

  • Synology DiskStation
  • Synology Surveillance Station

Affected Vendors

  • Synology