External Format String Vulnerability in Synology Camera Firmware
CVE-2023-5746

9.8CRITICAL

Key Information:

Vendor: Synology
Status: Camera Firmware
Vendor: CVE Published:; 25 October 2023

Summary

A vulnerability exists in the CGI component of Synology Camera Firmware, where the use of externally-controlled format strings can allow remote attackers to execute arbitrary code. Specifically, this impact is noted in the BC500 and TC500 models running firmware versions prior to 1.0.5-0185. Users are advised to upgrade their firmware to the latest version to mitigate potential security risks.

Affected Version(s)

Camera Firmware BC500 1.0

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2023
Vulnerability Reserved
Oct 24, 2023

Credit

chumen77(GAO JUYANG) from WeBin Lab of DbappSecurity Co.,Ltd.