CVE-2024-47265
Description
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Path traversal in Synology Active Backup for Business encrypted share umount allows remote authenticated admins to write specific files.
Vulnerability
A path traversal vulnerability exists in the encrypted share umount functionality of Synology Active Backup for Business. The software fails to properly limit pathnames to a restricted directory, allowing an attacker to write files outside the intended location. This affects versions before 2.7.1-13234 (DSM 7.1), 2.7.1-23234 (DSM 7.2), and 2.7.1-3234 (DSM 6.2) [1].
Exploitation
An attacker must be a remote authenticated user with administrator privileges on the Synology NAS. The exact exploitation vectors are not publicly detailed, but the vulnerability is triggered through the encrypted share unmount operation. No user interaction beyond authentication is required [1].
Impact
Successful exploitation allows the attacker to write specific files to arbitrary locations on the system. This compromises the integrity of the affected system, potentially leading to further compromise. The CVSS score is 6.5 (Medium) with a vector of AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating high integrity impact but no confidentiality or availability impact [1].
Mitigation
Synology has released fixed versions: upgrade to Active Backup for Business 2.7.1-13234 (DSM 7.1), 2.7.1-23234 (DSM 7.2), or 2.7.1-3234 (DSM 6.2) or later. No workarounds are provided. The advisory was published on 2025-02-11 [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <2.7.1-13234
- (no CPE) range: *
Patches
No patches discovered yet.
References
[1] www.synology.com/en-global/security/advisory/Synology_SA_25_02 (mitre, vendor-advisory)