Synology Surveillance Station — known CVE vulnerabilities
Every CVE whose affected-product data names Synology Surveillance Station, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2024-29241 — CVSS 9.9 (critical): Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows…
CVE-2024-29228 — CVSS 7.7 (high): Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289…
CVE-2024-29229 — CVSS 7.7 (high): Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289…
CVE-2017-16770 — CVSS 6.5 (medium): File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station…
CVE-2017-16767 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated…
CVE-2024-29227 — CVSS 5.4 (medium): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in…
CVE-2024-29231 — CVSS 5.4 (medium): Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289…
CVE-2024-29232 — CVSS 5.4 (medium): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in…
CVE-2024-29233 — CVSS 5.4 (medium): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in…
CVE-2024-29234 — CVSS 5.4 (medium): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in…
CVE-2024-29235 — CVSS 5.4 (medium): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in…
CVE-2024-29236 — CVSS 5.4 (medium): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component…
CVE-2024-29237 — CVSS 5.4 (medium): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in…
CVE-2024-29238 — CVSS 5.4 (medium): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component…
CVE-2024-29239 — CVSS 5.4 (medium): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi…
CVE-2024-29230 — CVSS 5.4 (medium): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi…
CVE-2024-47271 — CVSS 4.9 (medium): Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and…
CVE-2024-47269 — CVSS 4.9 (medium): Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before…
CVE-2024-47268 — CVSS 4.9 (medium): Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows…
CVE-2023-52944 — CVSS 4.3 (medium): Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289…
CVE-2024-29240 — CVSS 4.3 (medium): Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289…
CVE-2023-52943 — CVSS 4.3 (medium): Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289…
CVE-2024-47267 — CVSS 2.7 (low): Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology…
CVE-2024-47272 — CVSS 2.7 (low): Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows…
CVE-2024-47270 — CVSS 2.7 (low): Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and…