CVE-2024-47265 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-47265

Analyzed

More Info Official Page

Source-security@synology.com

Published At-13 Feb, 2025 | 07:15

Updated At-26 Feb, 2026 | 21:17

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CPE Matches

>>active_backup_for_business_agent>>Versions before 2.7.1-13234(exclusive)

cpe:2.3:a:synology:active_backup_for_business_agent:*:*:*:*:*:*:*:*

>>diskstation_manager>>7.1

cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*

>>active_backup_for_business_agent>>Versions before 2.7.1-3234(exclusive)

cpe:2.3:a:synology:active_backup_for_business_agent:*:*:*:*:*:*:*:*

>>diskstation_manager>>6.2

cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*

>>active_backup_for_business_agent>>Versions before 2.7.1-23234(exclusive)

cpe:2.3:a:synology:active_backup_for_business_agent:*:*:*:*:*:*:*:*

>>diskstation_manager>>7.2

cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-73	Secondary	security@synology.com

CWE ID: CWE-73

Type: Secondary

Source: security@synology.com

References

Hyperlink	Source	Resource
https://www.synology.com/en-global/security/advisory/Synology_SA_25_02	security@synology.com	Vendor Advisory

Hyperlink: https://www.synology.com/en-global/security/advisory/Synology_SA_25_02

Source: security@synology.com

Resource:

Vendor Advisory