CVE-2024-29241

Summary

CVE-2024-29241 is a missing authorization vulnerability affecting Synology Surveillance Station before versions 9.2.0-9289 and 9.2.0-11289. This issue enables remote, authenticated users to bypass security constraints through unspecified vectors in the System webapi component. The implications of this vulnerability are significant, as it may allow attackers to gain unauthorized access to sensitive information or perform unintended actions within the affected system. Users are strongly advised to update their Surveillance Station software to the latest available version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.