CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-11131

CVSS 9.8v3.1pub. 2025-03-19upd. 2026-01-16

A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500.

🤖 AI Analysis
How it works

An out-of-bounds read error (CWE-125) occurs in the video interface of Synology camera firmware. An attacker can remotely send specially crafted requests via unspecified vectors through the network, which leads to reading data outside the allocated memory buffer. Improper processing of this data can subsequently be exploited to execute arbitrary code on the device.

Impact

Successful exploitation of this vulnerability allows an unauthenticated attacker to remotely execute arbitrary code (RCE) on the vulnerable camera, which may result in complete takeover of the device, breach of confidentiality, integrity, and availability of the system.

Mitigation & patch

Update Synology Camera Firmware to version 1.2.0-0525 or later. Detailed information and update files are available in the official Synology security bulletin: https://www.synology.com/en-global/security/advisory/Synology_SA_24_24

Who is affected

Synology cameras BC500, CC400W, and TC500 with Synology Camera Firmware version earlier than 1.2.0-0525.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Synology Bc500

    HW
    Synology
    wszystkie wersje
  • Synology Bc500 Firmware

    OS
    Synology
    < 1.2.0-0525
  • Synology Cc400w

    HW
    Synology
    wszystkie wersje
  • Synology Cc400w Firmware

    OS
    Synology
    < 1.2.0-0525
  • Synology Tc500

    HW
    Synology
    wszystkie wersje
  • Synology Tc500 Firmware

    OS
    Synology
    < 1.2.0-0525
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2024-39349CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w firmware kamer Synology BC500/TC500 umożliwia RCE

CVE-2023-5746CRITICAL9.8ten sam produkt

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allow...

CVE-2023-47802HIGH7.2ten sam produkt

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injec...

CVE-2024-39350HIGH7.5ten sam produkt

A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows ma...

CVE-2024-39351HIGH7.2ten sam produkt

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injec...