Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via unspecified vectors.
Synology
Exploit
CVE-2024-29241
NVD
Refer to CVE-2024-29241 NVD advisory