We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-4464



Description

Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.

Reserved 2024-05-03 | Published 2024-12-18 | Updated 2024-12-18 | Assigner synology


HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Authorization Bypass Through User-Controlled Key

Product status

Default status
affected

* before 2.0.5-3152
affected

* before 2.2.0-3325
affected

* before 1.4-2680
affected

Credits

TEAM TGLS (Best of the Best 12th) (https://zrr.kr/SWND) finder

References

www.synology.com/...obal/security/advisory/Synology_SA_24_28 (Synology-SA-24:28 Media Server) vendor-advisory

cve.org (CVE-2024-4464)

nvd.nist.gov (CVE-2024-4464)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-4464

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.