9.9
CVE-2024-29241
- EPSS 0.75%
- Veröffentlicht 28.03.2024 07:16:12
- Zuletzt bearbeitet 12.08.2025 17:34:11
- Quelle security@synology.com
- Teams Watchlist Login
- Unerledigt Login
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Synology ≫ Surveillance Station Version < 9.2.0-9289
Synology ≫ Surveillance Station Version < 9.2.0-11289
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.75% | 0.722 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
|
| security@synology.com | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.