CVE-2024-47273
Description
Synology Hyper Backup 4.1.2-4036 and earlier suffer from a path traversal vulnerability allowing authenticated users to write arbitrary files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability exists in the Backup Task functionality of Synology Hyper Backup versions prior to 4.1.2-4036. This flaw allows for the overwriting of specific files.
Exploitation
An attacker must be a remote authenticated user with access to the Synology Hyper Backup application. The specific vectors for exploitation are not disclosed, but the vulnerability allows for the writing of specific files.
Impact
Successful exploitation of this vulnerability allows an authenticated attacker to write specific files to the system, potentially leading to system instability or unauthorized modifications depending on the targeted file.
Mitigation
Synology has released Hyper Backup version 4.1.2-4036, which addresses this vulnerability. Users are advised to update to this version or later. The release notes indicate a staged rollout for this version [1].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <4.1.2-4036
Patches
No patches discovered yet.
References
News mentions
- Synology: Five Vulnerabilities Disclosed, Including Two High-Severity Code Execution Flaws (Vypr Intelligence, Jun 3, 2026)