HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2024-39350

CVSS 7.5v3.1pub. 2024-06-28upd. 2025-03-06

A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Synology Bc500

    HW
    Synology
    wszystkie wersje
  • Synology Bc500 Firmware

    OS
    Synology
    < 1.0.7-0298
  • Synology Tc500

    HW
    Synology
    wszystkie wersje
  • Synology Tc500 Firmware

    OS
    Synology
    < 1.0.7-0298
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-11131CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds read w firmware kamer Synology umożliwia RCE

CVE-2024-39349CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w firmware kamer Synology BC500/TC500 umożliwia RCE

CVE-2023-5746CRITICAL9.8ten sam produkt

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allow...

CVE-2023-47802HIGH7.2ten sam produkt

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injec...

CVE-2024-39351HIGH7.2ten sam produkt

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injec...