2.7
CVE-2024-47270
- EPSS 0.25%
- Veröffentlicht 27.05.2026 08:29:56
- Zuletzt bearbeitet 28.05.2026 18:38:05
- Quelle security@synology.com
- CVE-Watchlists
- Unerledigt
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Synology ≫ Surveillance Station Version < 9.2.2-11575
Synology ≫ Surveillance Station Version < 9.2.2-11575
Synology ≫ Surveillance Station Version < 9.2.2-9575
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.16 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@synology.com | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
|
CWE-281 Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
https://www.synology.com/en-global/security/advisory/Synology_SA_24_25