=====================================================================
CERT-Renater Note d'Information No. 2026/VULN580
_____________________________________________________________________

DATE                 : 03/06/2026
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running Surveillance Station for DSM,
                       versions prior to 9.2.2-11575 and 9.2.2-9575.
=====================================================================

Source: https://www.synology.com/en-global/security/advisory/Synology_SA_24_25
_____________________________________________________________________

Synology-SA-24:25 Surveillance Station

Publish Time : 2024-11-26 16:24:00 UTC+8
Last Updated : 2026-05-27 16:31:29 UTC+8
Severity     : Moderate
Status       : Resolved

Abstract

Multiple vulnerabilities allow remote authenticated users to inject
arbitrary web script or HTML.
Multiple vulnerabilities allow remote authenticated users to obtain
sensitive information.
Multiple vulnerabilities allow remote authenticated users with
administrator privileges to read or write specific files.

Affected Products

Product                           Severity   Fixed Release Availability
--------------------------------  ---------  ---------------------------------
Surveillance Station for DSM 7.2  Moderate   Upgrade to 9.2.2-11575 or above.
Surveillance Station for DSM 7.1  Moderate   Upgrade to 9.2.2-11575 or above.
Surveillance Station for DSM 6.2  Moderate   Upgrade to 9.2.2-9575 or above.

Mitigation

None

Detail

CVE-2024-47268
Severity         : Moderate
CVSS3 Base Score : 4.9
CVSS3 Vector     : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-862          : Missing Authorization
Missing authorization vulnerability in the AddOns functionality in
Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows
remote authenticated users with administrator privileges to obtain
sensitive information via unspecified vectors.

CVE-2024-47269
Severity         : Moderate
CVSS3 Base Score : 4.9
CVSS3 Vector     : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-319          : Cleartext Transmission of Sensitive Information
Cleartext transmission of sensitive information vulnerability in the
Export Key functionality in Synology Surveillance Station before
9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with
administrator privileges to obtain sensitive information via
unspecified vectors.

CVE-2024-47271
Severity         : Moderate
CVSS3 Base Score : 4.9
CVSS3 Vector     : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-522          : Insufficiently Protected Credentials
Insufficiently protected credentials vulnerability in the IPSpeaker
component in Synology Surveillance Station before 9.2.2-11575 and
9.2.2-9575 allows remote authenticated users with administrator
privileges to obtain sensitive information via unspecified vectors.

CVE-2024-47267
Severity         : Low
CVSS3 Base Score : 2.7
CVSS3 Vector     : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CWE-22           : Improper Limitation of a Pathname to a Restricted
                   Directory ('Path Traversal')
Improper limitation of a pathname to a restricted directory ('Path
Traversal') vulnerability in the Archiving Pull functionality in
Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows
remote authenticated users with administrator privileges to perform
limited file writes via unspecified vectors.

CVE-2024-47270
Severity         : Low
CVSS3 Base Score : 2.7
CVSS3 Vector     : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CWE-281          : Improper Preservation of Permissions
Improper preservation of permissions vulnerability in the Archiving
Push functionality in Synology Surveillance Station before 9.2.2-11575
and 9.2.2-9575 allows remote authenticated users with administrator
privileges to perform limited file writes via unspecified vectors.

CVE-2024-47272
Severity         : Low
CVSS3 Base Score : 2.7
CVSS3 Vector     : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CWE-863          : Incorrect Authorization
Incorrect authorization vulnerability in the IO Module functionality in
Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows
remote authenticated users with administrator privileges to perform
limited file writes via unspecified vectors.

Acknowledgement

Tim Coen (https://security-consulting.icu/)
Zhao Runzi (赵润梓)
李建申 (https://lsr00ter.github.io)

Reference

CVE-2024-47267
CVE-2024-47268
CVE-2024-47269
CVE-2024-47270
CVE-2024-47271
CVE-2024-47272

Revision

Revision  Revision Date  Description
--------  -------------  ---------------------------------
1         2024-11-26     Initial public release.
2         2026-05-27     Disclosed vulnerability details.

=========================================================
+ CERT-RENATER         | tel   : 01-53-94-20-44          +
+ 23/25 Rue Daviel     | fax   : 01-53-94-20-41          +
+ 75013 Paris          | email : cert@support.renater.fr +
=========================================================