SecuriTricks - CVE-2024-47270

Description

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.

Product(s) Impacted

Vendor	Product	Versions
Synology	Surveillance Station Diskstation Manager	* 7.2, 7.1, 6.2

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-281

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	synology	surveillance_station	/	/	/	/	/	/	/	/
o	synology	diskstation_manager	7.2	/	/	/	/	/	/	/
a	synology	surveillance_station	/	/	/	/	/	/	/	/
o	synology	diskstation_manager	7.1	/	/	/	/	/	/	/
a	synology	surveillance_station	/	/	/	/	/	/	/	/
o	synology	diskstation_manager	6.2	/	/	/	/	/	/	/

References

https://www.synology.com/en-global/security/advisory/Synology_SA_24_25

CVSS Score

2.7 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

View Vector String

Timeline

Published: May 27, 2026, 9:16 a.m.
Last Modified: May 28, 2026, 6:38 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2024-47270