Arbitrary Command Execution Vulnerability in Synology Camera Firmware
CVE-2023-47802
7.2HIGH
What is CVE-2023-47802?
A vulnerability exists in the Synology Camera Firmware that involves improper neutralization of special elements utilized in OS commands, leading to OS Command Injection. This flaw permits remote authenticated users with administrator privileges to execute arbitrary commands on affected devices. Models at risk include the BC500 and TC500, specifically those running firmware versions prior to 1.0.7-0298. Security measures are crucial for users to prevent potential exploitation via unspecified vectors.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Camera Firmware BC500 1.0
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jaehoon Jang, Wonbeen Im, STEALIEN(https://stealien.com)