Remote Code Execution Vulnerability in Synology Camera Firmware
CVE-2024-39349

9.8CRITICAL

Key Information:

Vendor: Synology
Status: Camera Firmware
Vendor: CVE Published:; 28 June 2024

Summary

A vulnerability exists in the Synology Camera Firmware related to buffer copying without appropriate size checks in the libjansson component. This flaw enables remote attackers to execute arbitrary code, leveraging unspecified vectors. Affected models include the BC500 and TC500, both using firmware versions prior to 1.0.7-0298, which may expose users to significant security risks if not addressed.

Affected Version(s)

Camera Firmware 1.0

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Jun 24, 2024

Collectors

NVD DatabaseMitre Database

Credit

Freddy Ma, Jimmy Chang, Jimmy Liu (DrmnSamoLiu), Kyo Chen, Nancy Chang, Sébastien Dusuel (DuSu) working with Trend Micro Zero Day Initiative