Vulnerability Details CVE-2024-4464
Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.1%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2024-4464
-
cpe:2.3:a:synology:media_server:*
-
cpe:2.3:a:synology:media_server:-
-
cpe:2.3:a:synology:media_server:1.0-2260
-
cpe:2.3:a:synology:media_server:1.1-2325
-
cpe:2.3:a:synology:media_server:1.1-2327
-
cpe:2.3:a:synology:media_server:1.1-2406
-
cpe:2.3:a:synology:media_server:1.1-2407
-
cpe:2.3:a:synology:media_server:1.1-2411
-
cpe:2.3:a:synology:media_server:1.2-2489
-
cpe:2.3:a:synology:media_server:1.2-2491
-
cpe:2.3:a:synology:media_server:1.2-2492
-
cpe:2.3:a:synology:media_server:1.3-2575
-
cpe:2.3:a:synology:media_server:1.4
-
cpe:2.3:a:synology:media_server:1.4-2629
-
cpe:2.3:a:synology:media_server:1.4-2642
-
cpe:2.3:a:synology:media_server:1.4-2644
-
cpe:2.3:a:synology:media_server:1.4-2649
-
cpe:2.3:a:synology:media_server:1.4-2653
-
cpe:2.3:a:synology:media_server:1.4-2654