Missing Authorization Vulnerability in Synology Surveillance Station
CVE-2024-47268

4.9MEDIUM

Key Information:

Vendor: Synology
Status: Surveillance Station
Vendor: CVE Published:; 27 May 2026

What is CVE-2024-47268?

A missing authorization vulnerability exists in the AddOns functionality of Synology Surveillance Station, prior to versions 9.2.2-11575 and 9.2.2-9575. This flaw enables remote authenticated users with administrator privileges to access sensitive information through unspecified vectors, potentially compromising user data and system integrity.

Affected Version(s)

Surveillance Station *

Surveillance Station * < 9.2.2-9575

Surveillance Station * < 9.2.2-11575

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Sep 24, 2024

Credit

Zhao Runzi (赵润梓)

李建申（https://lsr00ter.github.io）

CVE-2024-47268 Data

JSON