VYPR

Surveillance Station Pro

by Qnap

CVEs (29)

  • CVE-2017-12582CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.01

    Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station.

  • CVE-2024-47271MedMay 27, 2026
    risk 0.32cvss 4.9epss 0.00

    Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.

  • CVE-2024-47269MedMay 27, 2026
    risk 0.32cvss 4.9epss 0.00

    Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.

  • CVE-2024-47268MedMay 27, 2026
    risk 0.32cvss 4.9epss 0.00

    Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.

  • CVE-2024-47272LowMay 27, 2026
    risk 0.18cvss 2.7epss 0.00

    Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.

  • CVE-2024-47270LowMay 27, 2026
    risk 0.18cvss 2.7epss 0.00

    Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.

  • CVE-2024-47267LowMay 27, 2026
    risk 0.18cvss 2.7epss 0.00

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write…

  • CVE-2013-0143Jun 7, 2013
    risk 0.04cvss epss 0.07

    cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.

  • CVE-2023-52944Dec 4, 2024
    risk 0.00cvss epss 0.00

    Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.

  • CVE-2023-52943Dec 4, 2024
    risk 0.00cvss epss 0.00

    Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors.

  • CVE-2024-29241Mar 28, 2024
    risk 0.00cvss epss 0.01

    Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via…

  • CVE-2024-29240Mar 28, 2024
    risk 0.00cvss epss 0.01

    Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors.

  • CVE-2024-29239Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing…

  • CVE-2024-29238Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing…

  • CVE-2024-29237Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive…

  • CVE-2024-29236Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing…

  • CVE-2024-29235Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive…

  • CVE-2024-29234Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive…

  • CVE-2024-29233Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive…

  • CVE-2024-29232Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive…

Page 1 of 2