CVE-2024-29228
📋 TL;DR
This vulnerability allows remote authenticated users to access sensitive information through the GetStmUrlPath webapi component in Synology Surveillance Station. It affects all authenticated users of Synology Surveillance Station installations running versions before the patched releases. The missing authorization check allows data access that the user's permissions should not permit.
💻 Affected Systems
- Synology Surveillance Station
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive surveillance data, camera feeds, configuration details, or user information, potentially leading to privacy violations, surveillance bypass, or further network compromise.
Likely Case
Authenticated users (including low-privileged accounts) can access surveillance data or system information they shouldn't have permission to view, violating data confidentiality.
If Mitigated
With proper access controls and network segmentation, impact is limited to unauthorized data access within the surveillance system compartment.
🎯 Exploit Status
Requires authenticated access but no special privileges. Exploitation vectors are not specified in the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.2.0-9289 or 9.2.0-11289
Vendor Advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_24_04
Restart Required: Yes
Instructions:
1. Log into DSM as administrator.
2. Open Package Center.
3. Find Surveillance Station.
4. Click Update if available.
5. Alternatively, download the package from the Synology website and install it manually.
6. Restart the Surveillance Station service.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to Surveillance Station to trusted networks only
Access Control Tightening
Review and minimize authenticated user accounts, implement least privilege
🧯 If You Can't Patch
- Isolate Surveillance Station on separate VLAN with strict firewall rules
- Implement application-level monitoring for unauthorized access attempts to GetStmUrlPath endpoint
🔍 How to Verify
Check if Vulnerable:
Check the Surveillance Station version in Package Center or via SSH with the command below.
Check Version:
synopkg version SurveillanceStation
Verify Fix Applied:
Confirm the version is 9.2.0-9289 or higher, or 9.2.0-11289 or higher.
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to GetStmUrlPath API endpoint
- Multiple failed authorization attempts followed by successful access
Network Indicators:
- HTTP requests to /webapi/GetStmUrlPath from unexpected sources
- Traffic spikes to surveillance API endpoints
SIEM Query:
source="surveillance_logs" AND (uri_path="/webapi/GetStmUrlPath" OR api_call="GetStmUrlPath")
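The log and network indicators above, applied to web access logs, as an added example that is not part of the advisory. It assumes an Apache-style access log with the authenticated user in the third field, a placeholder trusted subnet for the surveillance VLAN, and constructed sample lines rather than real Synology logs; adapt the regex and subnet to your environment.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder for the VLAN that should be the only source of Surveillance Station traffic.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
ENDPOINT = "/webapi/GetStmUrlPath"

# Apache-style access log with the authenticated user in the third field (assumed format).
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines, not real Synology logs.
SAMPLE_LOG = """\
10.20.1.5 - operator [12/Apr/2024:10:01:02 +0000] "GET /webapi/entry.cgi?api=SYNO.API.Info HTTP/1.1" 200 512
10.20.1.5 - operator [12/Apr/2024:10:01:09 +0000] "GET /webapi/GetStmUrlPath?camId=1 HTTP/1.1" 200 311
203.0.113.7 - guest [12/Apr/2024:10:02:15 +0000] "GET /webapi/GetStmUrlPath?camId=1 HTTP/1.1" 403 0
203.0.113.7 - guest [12/Apr/2024:10:02:16 +0000] "GET /webapi/GetStmUrlPath?camId=2 HTTP/1.1" 403 0
203.0.113.7 - guest [12/Apr/2024:10:02:20 +0000] "GET /webapi/GetStmUrlPath?camId=3 HTTP/1.1" 200 298
"""

def parse_line(line):
    """Return (ip, user, path, status) for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, user, _method, target, status = m.groups()
    return ip, user, target.split("?", 1)[0], int(status)

def analyze(log_text):
    """Apply the advisory's log and network indicators to GetStmUrlPath requests."""
    per_user = defaultdict(int)
    untrusted = set()
    denied_before = set()          # source IPs that already received a 403 on the endpoint
    denied_then_allowed = []       # (ip, user) where a 403 was later followed by a 200
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[2] != ENDPOINT:
            continue
        ip, user, _path, status = parsed
        per_user[user] += 1
        if not any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS):
            untrusted.add(ip)      # network indicator: request from outside the trusted VLAN
        if status == 403:
            denied_before.add(ip)
        elif status == 200 and ip in denied_before:
            denied_then_allowed.append((ip, user))
    return {"requests_per_user": dict(per_user), "untrusted_sources": sorted(untrusted),
            "denied_then_allowed": denied_then_allowed}
```

Run `analyze(SAMPLE_LOG)` to see the per-user request counts, the untrusted source, and the denied-then-allowed sequence flagged for the guest account.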