CVE-2024-47263
Description
Synology Hyper Backup's Backup.Repository webapi has a path traversal vulnerability allowing authenticated administrators to write specific files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability exists in the Backup.Repository webapi component of Synology Hyper Backup before version 4.1.2-4036. This vulnerability allows remote authenticated users with administrator privileges to write specific files containing non-sensitive information via unspecified vectors [1].
Exploitation
An attacker needs to be a remote authenticated user with administrator privileges. The attacker can exploit this vulnerability by sending specific requests via unspecified vectors to the Backup.Repository webapi component to write files [1].
Impact
Successful exploitation allows an attacker to write specific files containing non-sensitive information to the filesystem. The scope of the compromise is limited to the ability to write these specific files, and the privilege level is that of an administrator [1].
Mitigation
Synology Hyper Backup version 4.1.2-4036 and later contain a fix for this vulnerability. Users are advised to update to the latest version to mitigate the risk [1].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <4.1.2-4036
Patches
No patches discovered yet.
References
News mentions
- Synology: Five Vulnerabilities Disclosed, Including Two High-Severity Code Execution Flaws, Vypr Intelligence · Jun 3, 2026