Arbitrary Command Execution Vulnerability in Synology Camera Firmware
CVE-2023-47802

7.2HIGH

Key Information:

Vendor: Synology
Status: Camera Firmware
Vendor: CVE Published:; 28 June 2024

Summary

A vulnerability exists in the Synology Camera Firmware that involves improper neutralization of special elements utilized in OS commands, leading to OS Command Injection. This flaw permits remote authenticated users with administrator privileges to execute arbitrary commands on affected devices. Models at risk include the BC500 and TC500, specifically those running firmware versions prior to 1.0.7-0298. Security measures are crucial for users to prevent potential exploitation via unspecified vectors.

Affected Version(s)

Camera Firmware BC500 1.0

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Nov 10, 2023

Collectors

NVD DatabaseMitre Database

Credit

Jaehoon Jang, Wonbeen Im, STEALIEN(https://stealien.com)