Arbitrary Command Execution Vulnerability in Synology Camera Firmware

CVE-2023-47802
7.2HIGH

Key Information

Vendor
Synology
Status
Camera Firmware
Vendor
CVE Published:
28 June 2024

Summary

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

Affected Version(s)

Camera Firmware <= 1.0

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Jaehoon Jang, Wonbeen Im, STEALIEN(https://stealien.com)
.