CVSS 3.1 Score 9.9 of 10 (high)


Published Mar 28, 2024
CWE ID 862


CVE-2024-29241 is a missing authorization vulnerability (CWE-862) in the System webapi component of Synology Surveillance Station versions before 9.2.0-9289 and 9.2.0-11289. It allows remote authenticated users to bypass security constraints through unspecified vectors. The base severity is rated CRITICAL, with a base score of 9.9 out of 10, indicating a high level of danger to organizations. The exploitability score is 3.1; exploitation requires low privileges and no user interaction. The attack vector is the network, with a high integrity impact and a low confidentiality impact. To remediate this vulnerability, organizations should update Synology Surveillance Station to version 9.2.0-9289 or 9.2.0-11289 so that the security constraints are properly enforced and unauthorized access is prevented.
