CVE-2023-52944

Published: Dec 4, 2024Modified: Mar 6, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.

Affected (2)

Products: Synology: Surveillance Station

Synology

1 product

Surveillance Station

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Synology Surveillance Station	Before 9.2.0-9289

Running on/with	Platform Versions
Synology Diskstation Manager	Version 6.2

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Synology Surveillance Station	Before 9.2.0-11289

Running on/with	Platform Versions
Synology Diskstation Manager	Version 7.1
Synology Diskstation Manager	Version 7.2

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://www.synology.com/en-global/security/advisory/Synology_SA_24_04

Source: security@synology.com

Vendor Advisory

Timeline

No history available yet.