CVE-2024-29231

Published: Mar 28, 2024Modified: Aug 4, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

Affected (2)

Products: Synology: Surveillance Station

1 product

Surveillance Station

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Synology Surveillance Station	Before 9.2.0-9289

Running on/with	Platform Versions
Synology Diskstation Manager	Version 6.2

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Synology Surveillance Station	Before 9.2.0-11289

Running on/with	Platform Versions
Synology Diskstation Manager	Version 7.1
Synology Diskstation Manager	Version 7.2

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (2)

https://www.synology.com/en-global/security/advisory/Synology_SA_24_04

Source: security@synology.com

Vendor Advisory

https://www.synology.com/en-global/security/advisory/Synology_SA_24_04

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.