CVE-2023-5746

9.8CRITICAL

Key Information

Vendor: Synology
Status: Camera Firmware
Vendor: CVE Published:; 25 October 2023

Summary

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.

Affected Version(s)

Camera Firmware <= 1.0

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 25, 2023
Vulnerability Reserved.
Oct 24, 2023

Collectors

NVD DatabaseMitre Database

Credit

chumen77(GAO JUYANG) from WeBin Lab of DbappSecurity Co.,Ltd.