Synology-SA-24:25 Surveillance Station

Abstract

Multiple vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML.

Multiple vulnerabilities allow remote authenticated users to obtain sensitive information.

Multiple vulnerabilities allow remote authenticated users with administrator privileges to read or write specific files.

Affected Products

Product	Severity	Fixed Release Availability
Surveillance Station for DSM 7.2	Moderate	Upgrade to 9.2.2-11575 or above.
Surveillance Station for DSM 7.1	Moderate	Upgrade to 9.2.2-11575 or above.
Surveillance Station for DSM 6.2	Moderate	Upgrade to 9.2.2-9575 or above.

Mitigation

None

Detail

• CVE-2024-47268

  • Severity: Moderate
  • CVSS3 Base Score: 4.9
  • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CWE-862: Missing Authorization
  • Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.

• CVE-2024-47269

  • Severity: Moderate
  • CVSS3 Base Score: 4.9
  • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CWE-319: Cleartext Transmission of Sensitive Information
  • Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.

• CVE-2024-47271

  • Severity: Moderate
  • CVSS3 Base Score: 4.9
  • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CWE-522: Insufficiently Protected Credentials
  • Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.

• CVE-2024-47267

  • Severity: Low
  • CVSS3 Base Score: 2.7
  • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.

• CVE-2024-47270

  • Severity: Low
  • CVSS3 Base Score: 2.7
  • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
  • CWE-281: Improper Preservation of Permissions
  • Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.

• CVE-2024-47272

  • Severity: Low
  • CVSS3 Base Score: 2.7
  • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
  • CWE-863: Incorrect Authorization
  • Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.

Acknowledgement

• Tim Coen (https://security-consulting.icu/)

• Zhao Runzi (赵润梓)

• 李建申（https://lsr00ter.github.io）

Reference

• CVE-2024-47267
• CVE-2024-47268
• CVE-2024-47269
• CVE-2024-47270
• CVE-2024-47271
• CVE-2024-47272

Revision

Revision	Date	Description
1	2024-11-26	Initial public release.
2	2026-05-27	Disclosed vulnerability details.