Authentication Bypass Vulnerability Affects Synology Cameras
CVE-2024-39350
7.5 HIGH
Summary
A recently identified vulnerability in the RTSP functionality of Synology Cameras enables an authentication bypass due to spoofing. This security flaw permits man-in-the-middle attackers to gain unauthorized privileges by exploiting unspecified vectors within the affected firmware versions. The models notably impacted include the BC500 and TC500, both of which must be updated to firmware version 1.0.7-0298 or later to mitigate this risk.
Affected Version(s)
Camera Firmware BC500 1.0
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database
Credit
Romain JOUET (@JouetR), Baptiste MOINE (@Creased_) from Synacktiv (@Synacktiv) working with Trend Micro Zero Day Initiative