Authorization Bypass Vulnerability in Synology Media Server

CVE-2024-4464

Summary

CVE-2024-4464 is a critical authorization bypass vulnerability found in Synology Media Server versions prior to 1.4-2680, 2.0.5-3152, and 2.2.0-3325. This flaw allows remote attackers to exploit user-controlled keys, enabling them to bypass authorization mechanisms and access sensitive files through unspecified vectors. As a result, this vulnerability poses a significant risk to data integrity and confidentiality for users of the Synology Media Server. It is essential for affected users to update to the latest versions to mitigate the risk of exploitation.

References