Description
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to perform limited file writes via unspecified vectors.
Published: 2026-05-27
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a path traversal flaw (CWE-22) in the Archiving Pull functionality of Synology Surveillance Station. It allows remote authenticated users with administrator privileges to write files through unspecified vectors. The flaw does not provide arbitrary code execution or complete system compromise, but enables controlled file writes within the system.

Affected Systems

Synology Surveillance Station deployments running versions prior to 9.2.2-11575 and 9.2.2-9575 are affected. All builds earlier than these release identifiers published by Synology contain the issue.

Risk and Exploitability

With a CVSS score of 2.7, the vulnerability is considered low severity. No EPSS data is available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a remote authenticated account with administrator privileges and the Archiving Pull feature enabled. The impact is limited to writing files to the filesystem through unsanitized path traversal; it does not directly provide arbitrary code execution or system compromise. Mitigation focuses on applying the vendor patch or restricting access to the vulnerable interface.

Generated by OpenCVE AI on May 27, 2026 at 10:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Surveillance Station to version 9.2.2-11575 or later, which contains the path traversal fix.
  • If an upgrade is not immediately feasible, restrict remote administrator access to trusted networks or implement strict firewall rules to limit exposure to the Archiving Pull interface.
  • If possible, disable the Archiving Pull feature or enforce stricter path restrictions through system configuration to prevent the exploit from writing arbitrary files.

Advisories

No advisories yet.

History

Wed, 27 May 2026 11:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Path Traversal Allowing Limited File Write in Synology Surveillance Station Archiving Pull |
| First Time appeared | | Synology; Synology surveillance Station |
| Vendors & Products | | Synology; Synology surveillance Station |

Wed, 27 May 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to perform limited file writes via unspecified vectors. |
| Weaknesses | | CWE-22 |
| References | | |
| Metrics | | cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N'} |


MITRE

Status: PUBLISHED

Assigner: synology

Published:

Updated: 2026-05-27T08:29:16.278Z

Reserved: 2024-09-24T03:58:57.133Z

Link: CVE-2024-47267

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-27T09:16:25.483

Modified: 2026-05-27T09:16:25.483

Link: CVE-2024-47267

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T11:00:13Z

Weaknesses