Path Traversal Vulnerability Affects Synology Cameras
CVE-2023-47803

5.3MEDIUM

Key Information:

Vendor
Synology
Vendor
CVE Published:
28 June 2024

Summary

A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

Affected Version(s)

Camera Firmware BC500 1.0

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Jaehoon Jang, Wonbeen Im, STEALIEN(https://stealien.com)
.