Incorrect Authorization Vulnerability in Synology Surveillance Station
CVE-2023-52944

4.3MEDIUM

Key Information:

Vendor: Synology
Status: Surveillance Station
Vendor: CVE Published:; 4 December 2024

Summary

An incorrect authorization vulnerability exists in the ActionRule webapi component of Synology Surveillance Station, allowing remote authenticated users to perform limited actions on the action rules function. This flaw could potentially lead to unauthorized modifications or interactions with security settings, impacting the overall integrity and security of the surveillance environment. Users are advised to update to the latest version to mitigate any associated risks.

References

https://www.synology.com/en-global/security/advisory/Syno...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 4, 2024