CVE-2024-47270
Description
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to perform a limited file write via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An improper preservation of permissions flaw in the Archiving Push function of Synology Surveillance Station allows admin users to achieve limited file writes.
Vulnerability
An improper preservation of permissions vulnerability exists in the Archiving Push functionality of Synology Surveillance Station, as described in the advisory [1]. This flaw affects versions prior to 9.2.2-11575 (for DSM 7.2 and 7.1) and 9.2.2-9575 (for DSM 6.2) [1]. The vulnerability is classified as Low severity with a CVSS v3 base score of 2.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). The issue allows a remote authenticated user with administrator privileges to perform a limited file write via unspecified vectors [1].
Exploitation
To exploit this vulnerability, an attacker must have valid credentials and administrator privileges on the Synology Surveillance Station instance [1]. The attack is network-based with low complexity, requiring no user interaction. The attacker leverages the Archiving Push functionality to write specific files, though the exact sequence of steps is not disclosed in the available references [1].
Impact
Successful exploitation enables an authenticated administrator to perform limited file writes on the system, potentially leading to a partial compromise of file integrity. The CIA impact is limited to integrity, with no direct confidentiality or availability impact beyond the file write capability [1]. The attacker remains at the administrator privilege level.
Mitigation
The vulnerability is fixed in Surveillance Station versions 9.2.2-11575 and 9.2.2-9575 as released on 2026-05-27 [1]. Users should upgrade to the appropriate fixed version for their DSM platform. Synology's advisory [1] lists no workaround; the recommended mitigation is to apply the update. There is no indication that this CVE is listed on the CISA KEV [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <9.2.2-11575
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.