{"timestamp":"2024-03-28T19:07:24.893571Z","id":"CVE-2024-29231","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Synology","product":"Surveillance Station","defaultStatus":"affected","versions":[{"version":"*","lessThan":"9.2.0-11289","versionType":"semver","status":"affected"},{"version":"*","lessThan":"9.2.0-9289","versionType":"semver","status":"affected"}]}]

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AND
     OR
          *cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.0-11289
     OR
          cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*
          cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.0-9289
     OR
          cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*

https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 No Types Assigned

https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 Vendor Advisory

https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 No Types Assigned

https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 Vendor Advisory

https://www.synology.com/en-global/security/advisory/Synology_SA_24_04

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.

Synology Inc. AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Synology Inc. CWE-129

Synology Inc. https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 [No types assigned]