Synology-SA-24:28 Media Server
Publish Time: 2024-12-11 17:11:36 UTC+8
Last Updated: 2024-12-18 14:00:51 UTC+8
- Severity
- Important
- Status
- Resolved
Abstract
A vulnerability allows remote attackers to read specific files.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| Media Server for DSM 7.2 | Important | Upgrade to 2.2.0-3325 or above. |
| Media Server for DSM 7.1 | Important | Upgrade to 2.0.5-3152 or above. |
| Media Server for SRM 1.3 | Important | Upgrade to 1.4-2680 or above. |
Mitigation
None
Detail
- CVE-2024-4464
- Severity: Important
- CVSS3 Base Score: 7.5
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.
Acknowledgement
TEAM TGLS (Best of the Best 12th) (https://zrr.kr/SWND)
Reference
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2024-12-11 | Initial public release. |
| 2 | 2024-12-18 | Disclosed vulnerability details. |