Vulnerabilities > CVE-2023-52944 - Incorrect Authorization vulnerability in Synology Surveillance Station

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

synology

CWE-863

NVD

Published: 2024-12-04

Updated: 2024-12-04

Summary

Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Surveillance Station 6.0-2367 Synology Surveillance Station 6.0-2383 Synology Surveillance Station 6.0-2636 Synology Surveillance Station 6.0-2713 Synology Surveillance Station 6.0-2719 Synology Surveillance Station 6.1-2941 Synology Surveillance Station 6.1-2976 Synology Surveillance Station 6.1-2983 Synology Surveillance Station 6.2-3120 Synology Surveillance Station 6.2-3141 Synology Surveillance Station 6.2-3147 Synology Surveillance Station 6.3-3341 Synology Surveillance Station 6.3-3347 Synology Surveillance Station 6.3-3364 Synology Surveillance Station 6.3-3380 Synology Surveillance Station 7.0-3742 Synology Surveillance Station 7.0-3762 Synology Surveillance Station 7.0-3775 Synology Surveillance Station 7.0-3778 Synology Surveillance Station 7.1-4056 Synology Surveillance Station 7.1-4058 Synology Surveillance Station 7.1-4080 Synology Surveillance Station 7.1-4110 Synology Surveillance Station 7.1-4122 Synology Surveillance Station 7.1-4141 Synology Surveillance Station 7.1-4146 Synology Surveillance Station 7.1-4152 Synology Surveillance Station 7.1-4155 Synology Surveillance Station 7.2.0-4556 Synology Surveillance Station 7.2.1-4602 Synology Surveillance Station 7.2.2-4649 Synology Surveillance Station 7.2.3-4664 Synology Surveillance Station 7.2.4-4683 Synology Surveillance Station 7.2.5-4696 Synology Surveillance Station 7.2.6-4704 Synology Surveillance Station 8.0.0-5122 Synology Surveillance Station 8.0.0-5123 Synology Surveillance Station 8.0.1-5128 Synology Surveillance Station 8.0.2-5158 Synology Surveillance Station 8.0.3-5159 Synology Surveillance Station 8.0.4-5164 Synology Surveillance Station 8.0.5-5190 Synology Surveillance Station 8.0.6-5193 Synology Surveillance Station 8.0.7-5199 Synology Surveillance Station 8.1.0-5406 Synology Surveillance Station 8.1.1-5408 Synology Surveillance Station 8.1.2-5469 Synology Surveillance Station 8.1.3-5473 Synology Surveillance Station 8.1.4-5498 Synology Surveillance Station 8.1.5-5513 Synology Surveillance Station 8.1.6-5519 Synology Surveillance Station 8.2.0-5761 Synology Surveillance Station 8.2.1-5765 Synology Surveillance Station 8.2.2-5766 Synology Surveillance Station 8.2.3-5828	55
OS	Synology Synology Diskstation Manager 6.2 Synology Diskstation Manager 7.1 Synology Diskstation Manager 7.2	3

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.synology.com/en-global/security/advisory/Synology_SA_24_04