CVE-2024-29235

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*
cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*
OR cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*
cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*

History

01 Aug 2025, 05:15

Type Values Removed Values Added
Summary (en) Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. (en) Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

14 Jan 2025, 19:29

Type Values Removed Values Added
CPE cpe:2.3:a:synology:diskstation_manager:7.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:7.1:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*
cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*

14 Jan 2025, 18:25

Type Values Removed Values Added
First Time Synology
Synology diskstation Manager
Synology surveillance Station
References () https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 - () https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 - Vendor Advisory
CPE cpe:2.3:a:synology:diskstation_manager:7.1:*:*:*:*:*:*:*
cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:7.2:*:*:*:*:*:*:*

21 Nov 2024, 09:07

Type Values Removed Values Added
Summary
  • (es) La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en el componente webapi IOModule.EnumLog en Synology Surveillance Station anterior a 9.2.0-11289 y 9.2.0-9289 permite a usuarios remotos autenticados inyectar comandos SQL a través de vectores no especificados .
References () https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 - () https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 -

28 Mar 2024, 07:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-28 07:16

Updated : 2025-08-01 05:15


NVD link : CVE-2024-29235

Mitre link : CVE-2024-29235

CVE.ORG link : CVE-2024-29235


JSON object : View

Products Affected

synology

  • diskstation_manager
  • surveillance_station
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')