CVE-2024-47267

Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575

Description A path traversal issue exists in the Archiving Pull functionality. This occurs when there is an improper limitation of a pathname to a restricted directory, allowing remote authenticated users with administrator privileges to perform limited file writes via unspecified vectors. Path traversal is a flaw that allows an attacker to access files and directories that are stored outside the web root folder.

Recommendations Update to version 9.2.2-11575 or later. Update to version 9.2.2-9575 or later.