Synology Surveillance Station
25 CVEs affecting Synology Surveillance Station. Latest disclosed: 2026-05-27. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-29241 | Critical | 9.9 | 2024-03-28 | Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated u… |
CVE-2024-29229 | High | 7.7 | 2024-03-28 | Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authen… |
CVE-2024-29228 | High | 7.7 | 2024-03-28 | Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenti… |
CVE-2024-29239 | Medium | 5.4 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Su… |
CVE-2024-29238 | Medium | 5.4 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveill… |
CVE-2024-29237 | Medium | 5.4 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillan… |
CVE-2024-29236 | Medium | 5.4 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveill… |
CVE-2024-29235 | Medium | 5.4 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillanc… |
CVE-2024-29234 | Medium | 5.4 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Stat… |
CVE-2024-29233 | Medium | 5.4 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Sta… |
CVE-2024-29232 | Medium | 5.4 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Stat… |
CVE-2024-29231 | Medium | 5.4 | 2024-03-28 | Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allo… |
CVE-2024-29230 | Medium | 5.4 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Sur… |
CVE-2024-29227 | Medium | 5.4 | 2024-03-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillan… |
CVE-2024-47271 | Medium | 4.9 | 2026-05-27 | Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote auth… |
CVE-2024-47269 | Medium | 4.9 | 2026-05-27 | Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 al… |
CVE-2024-47268 | Medium | 4.9 | 2026-05-27 | Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated user… |
CVE-2023-52944 | Medium | 4.3 | 2024-12-04 | Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authentic… |
CVE-2023-52943 | Medium | 4.3 | 2024-12-04 | Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authen… |
CVE-2024-29240 | Medium | 4.3 | 2024-03-28 | Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticat… |