Synology Camera Firmware vulnerabilities
9 known vulnerabilities affecting synology/camera_firmware.
Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH3MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2023-5746P2CRITICALCVSS 9.8≥ 1.0, < 1.0.5-01852023-10-25
CVE-2023-5746 [CRITICAL] CWE-134 CVE-2023-5746: A vulnerability regarding use of externally-controlled format string is found in the cgi component.
A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.
nvd
CVE-2024-39349P2CRITICALCVSS 9.8≥ 1.0, < 1.0.7-02982024-06-28
CVE-2024-39349 [CRITICAL] CWE-120 CVE-2024-39349: A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is
A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affect
nvd
CVE-2024-11131P3CRITICALCVSS 9.8≥ 1.1, < 1.2.0-05252025-03-19
CVE-2024-11131 [CRITICAL] CWE-125 CVE-2024-11131: A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote att
A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500.
nvd
CVE-2024-39351P3HIGHCVSS 7.2≥ 1.0, < 1.0.7-02982024-06-28
CVE-2024-39351 [HIGH] CWE-78 CVE-2024-39351: A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Com
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298
nvd
CVE-2023-47802P3HIGHCVSS 7.2≥ 1.0, < 1.0.7-02982024-06-28
CVE-2023-47802 [HIGH] CWE-78 CVE-2023-47802: A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Com
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-
nvd
CVE-2024-39350P3HIGHCVSS 7.5≥ 1.0, < 1.0.7-02982024-06-28
CVE-2024-39350 [HIGH] CWE-290 CVE-2024-39350: A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This
A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
nvd
CVE-2024-5463P3MEDIUMCVSS 6.5≥ 1.1, < 1.1.1-0383≥ 1.0, < 1.1.1-03832024-06-04
CVE-2024-5463 [MEDIUM] CWE-120 CVE-2024-5463: A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow')
A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to write specific files containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. This attack only affects the login service which wil
nvd
CVE-2024-39352P4MEDIUMCVSS 4.9≥ 1.0, < 1.0.7-02982024-06-28
CVE-2024-39352 [MEDIUM] CWE-863 CVE-2024-39352: A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. Th
A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
nvd
CVE-2023-47803P4MEDIUMCVSS 5.3≥ 1.0, < 1.0.7-02982024-06-28
CVE-2023-47803 [MEDIUM] CWE-22 CVE-2023-47803: A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Travers
A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be
nvd