Arbitrary Command Execution Vulnerability in Synology Camera Firmware
CVE-2024-39351

7.2HIGH

Key Information:

Vendor: Synology
Status: Camera Firmware
Vendor: CVE Published:; 28 June 2024

Summary

A vulnerability has been identified within Synology Camera firmware, specifically related to the improper neutralization of special elements used in OS commands. This flaw permits remote authenticated users with administrative access to execute arbitrary commands on the affected systems through unspecified methods. The models affected include the BC500 and TC500 with firmware versions prior to 1.0.7-0298. Prompt remediation is crucial to mitigate potential exploitation of this vulnerability.

Affected Version(s)

Camera Firmware BC500 1.0

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Jun 24, 2024

Collectors

NVD DatabaseMitre Database

Credit

Jaehoon Jang, Wonbeen Im, STEALIEN(https://stealien.com)