Skip to main content

Surveillance Station

17 CVEs product

Monthly

CVE-2024-29241 CRITICAL Act Now

Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2024-29240 MEDIUM This Month

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-29239 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29238 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29237 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29236 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29235 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29234 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29233 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29232 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29231 MEDIUM This Month

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-29230 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29229 HIGH This Week

Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2024-29228 HIGH This Week

Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2024-29227 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38687 CRITICAL Act Now

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Qnap Surveillance Station
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-28797 CRITICAL Act Now

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Qnap Stack Overflow Surveillance Station
NVD
CVSS 3.1
9.8
EPSS
5.9%
EPSS 1% CVSS 9.9
CRITICAL Act Now

Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Synology Surveillance Station
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
EPSS 1% CVSS 7.7
HIGH This Week

Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
EPSS 1% CVSS 7.7
HIGH This Week

Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Qnap +1
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Qnap +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy