Skip to main content
A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Find Out Why
CVE Vulnerability Database
Vulnerability Database/CVE-2024-47263

CVE-2024-47263: Synology Hyper Backup Path Traversal

CVE-2024-47263 is a path traversal flaw in Synology Hyper Backup's Backup.Repository webapi component that allows authenticated administrators to write specific files. This post covers technical details, affected versions, and mitigation.

Published:

CVE-2024-47263 Overview

CVE-2024-47263 is a path traversal vulnerability [CWE-22] in the Backup.Repository webapi component of Synology Hyper Backup. The flaw affects versions before 4.1.2-4036 and allows remote authenticated users with administrator privileges to write specific files containing non-sensitive information through unspecified vectors. The issue results from improper limitation of a pathname to a restricted directory.

Exploitation requires existing administrator credentials, which limits the practical attack surface. Successful abuse can place attacker-controlled files outside the intended backup repository scope on Synology DiskStation Manager (DSM) appliances.

Critical Impact

Authenticated administrators can write specific files containing non-sensitive information to locations outside the intended directory, affecting integrity on Synology Hyper Backup deployments before 4.1.2-4036.

Affected Products

  • Synology Hyper Backup versions before 4.1.2-4036
  • Synology DSM 7.x series appliances running vulnerable Hyper Backup builds
  • Backup.Repository webapi component

Discovery Timeline

  • 2026-06-03 - CVE-2024-47263 published to the National Vulnerability Database (NVD)
  • 2026-06-03 - Last updated in NVD database

Technical Details for CVE-2024-47263

Vulnerability Analysis

The vulnerability resides in the Backup.Repository webapi component of Synology Hyper Backup. The component fails to properly sanitize pathname input supplied through backup repository operations. As a result, an authenticated administrator can craft requests that traverse outside the intended directory boundary.

The scope is constrained by the attacker prerequisite of administrative privileges and by the limitation that only specific files containing non-sensitive information can be written. The vulnerability does not expose confidentiality or availability impacts according to the published vector. The changed scope indicates the write primitive reaches beyond the security authority of the Hyper Backup component itself.

Root Cause

The root cause is improper limitation of a pathname to a restricted directory [CWE-22]. The Backup.Repository webapi accepts pathname input that is used to construct file write operations without sufficient canonicalization or validation against an allow list of permitted directories. Traversal sequences in the supplied path are processed rather than rejected.

Attack Vector

The attack vector is network-based and requires authentication as an administrator on the target Synology appliance. An adversary with valid administrator credentials issues crafted requests to the Hyper Backup webapi endpoint exposed by DSM. The unspecified vectors referenced in the advisory map to repository-related parameters processed by the Backup.Repository component. Synology has not published exploit details, and no public proof-of-concept is available.

The vulnerability mechanism is described in prose only. See the Synology Hyper Backup Release Notes for vendor-published remediation information.

Detection Methods for CVE-2024-47263

Indicators of Compromise

  • Unexpected files written outside the configured Hyper Backup repository path on DSM volumes
  • Administrator-authenticated webapi requests to Backup.Repository containing path traversal sequences such as ../ in repository parameters
  • Hyper Backup task logs referencing repository paths that resolve outside standard backup directories

Detection Strategies

  • Review DSM audit and webapi logs for administrator sessions issuing Backup.Repository calls with anomalous pathname arguments
  • Compare the installed Hyper Backup package version against 4.1.2-4036 to identify vulnerable hosts
  • Monitor filesystem write activity on DSM volumes for new files created by Hyper Backup outside expected repository directories

Monitoring Recommendations

  • Forward DSM system and package logs to a centralized log platform for retention and correlation
  • Alert on administrative authentication events to DSM that originate from unexpected source networks
  • Track Hyper Backup package versions across the fleet and flag installations below 4.1.2-4036

How to Mitigate CVE-2024-47263

Immediate Actions Required

  • Upgrade Synology Hyper Backup to version 4.1.2-4036 or later on all affected DSM appliances
  • Restrict DSM administrator account access and enforce multi-factor authentication on those accounts
  • Audit existing Hyper Backup repository configurations for unexpected pathnames

Patch Information

Synology has addressed the vulnerability in Hyper Backup 4.1.2-4036. Apply the update through DSM Package Center or download the fixed package referenced in the Synology Hyper Backup Release Notes. Verify the package version after installation to confirm remediation.

Workarounds

  • Limit DSM administrator account assignments to the minimum required personnel until patching is complete
  • Restrict network exposure of DSM management interfaces to trusted administrative networks only
  • Disable or pause Hyper Backup tasks on internet-exposed DSM appliances until the patched package is installed
bash
# Verify Hyper Backup package version on DSM via SSH
synopkg version HyperBackup

# Expected output should be 4.1.2-4036 or later

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne