Impact
Synology Surveillance Station includes an IO Module that manages file I/O operations. In versions prior to 9.2.2-11575 and 9.2.2-9575, the module contains an incorrect authorization check that permits remote authenticated users who already have administrator privileges to perform limited file write operations. This flaw is an example of improper authorization (CWE-863). An attacker who can authenticate as an administrator could modify configuration files or upload malicious files to the device, potentially disrupting service or facilitating further attack steps.
Affected Systems
The vulnerability affects Synology’s Surveillance Station software on devices running versions earlier than 9.2.2-11575 and 9.2.2-9575. Administrators with full control of the system can exploit the flaw. Systems that have not been upgraded to these builds or later remain at risk.
Risk and Exploitability
The CVSS base score of 2.7 indicates low severity; no EPSS data is publicly available, and the vulnerability is absent from the CISA KEV catalog, which suggests it is not currently being exploited in the wild. Exploitation requires a remote authenticated session with administrator rights; an attacker holding such credentials, perhaps obtained through credential compromise or social engineering, could use the flaw to alter system files. Because the attack vector is limited to administrators, the risk is confined to environments where privileged credentials have been compromised.
OpenCVE Enrichment