Description

Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.

PUBLISHED Reserved 2024-05-03 | Published 2024-12-18 | Updated 2024-12-18 | Assigner synology




HIGH: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Authorization Bypass Through User-Controlled Key

Product status

Default status
affected

* (semver) before 2.0.5-3152
affected

* (semver) before 2.2.0-3325
affected

* (semver) before 1.4-2680
affected

Credits

TEAM TGLS (Best of the Best 12th) (https://zrr.kr/SWND) finder

References

www.synology.com/...obal/security/advisory/Synology_SA_24_28 (Synology-SA-24:28 Media Server) vendor-advisory

cve.org (CVE-2024-4464)

nvd.nist.gov (CVE-2024-4464)
