Description
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
Published: 2026-05-27
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper preservation of permissions flaw (CWE-281) in the Archiving Push feature of Synology Surveillance Station allows a remote authenticated user with administrator privileges to perform limited file writes on the system. This flaw can enable an attacker to alter configuration files or upload malicious payloads, potentially leading to further compromise or unauthorized data modification. Any user holding admin credentials can exploit the vulnerability, gaining the ability to affect files that are normally protected.

Affected Systems

Synology Surveillance Station versions earlier than 9.2.2-11575 and 9.2.2-9575 are affected. No other products or versions are currently listed as vulnerable.

Risk and Exploitability

The CVSS base score of 2.7 indicates low overall severity, and no EPSS data is available. The vulnerability is not listed in the CISA KEV catalog. Per the CVSS vector (AV:N, PR:H), the attack is remote and authenticated, requiring administrative credentials. While the risk is low, compromised admin privileges could allow file writes that may facilitate further attacks or data tampering.

Generated by OpenCVE AI on May 27, 2026 at 10:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Synology Surveillance Station to version 9.2.2-11575 or later, or 9.2.2-9575 or later.
  • Restrict administrative privileges to only those users who truly need them, and enforce least privilege principles.
  • Deploy file integrity monitoring to detect and alert on unauthorized changes to critical system files.

Advisories

No advisories yet.

History

Wed, 27 May 2026 11:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Improper Permission Preservation in Synology Surveillance Station Archiving Push Feature |

Wed, 27 May 2026 10:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Synology; Synology surveillance Station |
| Vendors & Products | | Synology; Synology surveillance Station |

Wed, 27 May 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. |
| Weaknesses | | CWE-281 |
| References | | |
| Metrics | | cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N'} |

MITRE

Status: PUBLISHED

Assigner: synology

Published:

Updated: 2026-05-27T08:29:56.839Z

Reserved: 2024-09-24T03:58:57.133Z

Link: CVE-2024-47270

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-27T09:16:25.867

Modified: 2026-05-27T09:16:25.867

Link: CVE-2024-47270

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T11:00:13Z

Weaknesses