
WARNING: CRITICAL VULNERABILITY IN SYNOLOGY SURVEILLANCE STATION SOFTWARE, PATCH IMMEDIATELY!

Reference: Advisory #2024-47
Version: 1.0
Affected software:
Synology Surveillance Station for DSM versions <9.2.0-9289
Synology Surveillance Station for DSM versions <9.2.0-11289
Type: Missing authorization vulnerability in System webapi component
CVE/CVSS: CVE-2024-29241, CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H)

Risks

Synology Surveillance Station is a surveillance solution with video monitoring, management, and analysis tools.

Exploitation of the recently disclosed CVE-2024-29241 could affect the integrity and availability of the system and of the data on it. The attacker must be an authenticated remote user. No information is available on whether the flaw is actively exploited. A patch is available.

Description

A missing authorization vulnerability in the System webapi component in the affected Synology Surveillance Station software allows bypass of security constraints via unspecified vectors.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
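To decide which devices still need the update, an operator has to compare the installed Surveillance Station version against the fixed build for the DSM branch the NAS runs. The following script is an added example and is not code from the CCB or from Synology; it parses Synology-style package versions (major.minor.patch-build) and compares them numerically, so that a build such as 9.2.0-9289 is not mistakenly ranked above 9.2.0-11289 by string comparison. The two fixed builds come from this advisory; which of the two applies to a given NAS depends on its DSM branch, which the advisory does not spell out, so the caller passes the fixed build explicitly. The INFO-file parsing assumes the usual DSM package layout (key=value lines, e.g. under /var/packages/SurveillanceStation/INFO); that path and the sample INFO content are assumptions, not taken from the page.

```python
import re
from typing import Optional, Tuple

# Fixed builds named in CCB Advisory #2024-47 for CVE-2024-29241.
# Each DSM branch of Surveillance Station has its own fixed build; which
# branch a given NAS runs is an operator decision and is not derived here.
FIXED_BUILDS = ("9.2.0-9289", "9.2.0-11289")

# Synology package versions look like "9.2.0-9289": three dotted numbers
# followed by an optional "-<build>" suffix.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:-(\d+))?\s*$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse a package version into a comparable (major, minor, patch, build) tuple.

    A missing build number is treated as 0, so "9.2.0" sorts before "9.2.0-1".
    Raises ValueError on strings that do not match the expected shape, rather
    than silently treating them as patched.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, build = match.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def is_vulnerable(installed: str, fixed: str) -> bool:
    """True when the installed version is strictly older than the fixed build.

    Versions equal to or newer than the fixed build are considered patched.
    Comparison is tuple-wise numeric, so build 9289 < 11289 as intended.
    """
    return parse_version(installed) < parse_version(fixed)


def version_from_info(info_text: str) -> Optional[str]:
    """Extract the version= value from a DSM package INFO file.

    INFO files are key=value lines; values may be double-quoted. Returns
    None when no version key is present. (Assumed file format.)
    """
    for line in info_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "version":
            return value.strip().strip('"')
    return None


def assess(info_text: str, fixed: str) -> dict:
    """Combine INFO parsing and the version check into one result record."""
    installed = version_from_info(info_text)
    if installed is None:
        raise ValueError("INFO file does not declare a version")
    return {
        "installed": installed,
        "fixed": fixed,
        "vulnerable": is_vulnerable(installed, fixed),
    }


# Constructed sample INFO content (not captured from a real NAS).
SAMPLE_INFO = (
    'package="SurveillanceStation"\n'
    'version="9.2.0-9000"\n'
    'displayname="Surveillance Station"\n'
)


if __name__ == "__main__":
    # Example run against the constructed sample; on a real device the
    # operator would read the INFO file (assumed path) and pick the fixed
    # build matching the DSM branch.
    for fixed in FIXED_BUILDS:
        print(assess(SAMPLE_INFO, fixed))
```

Because the check raises on an unparseable version instead of returning "patched", a malformed or empty INFO file surfaces as an error to investigate rather than a silent false negative in an inventory sweep.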

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise.
