Synology-SA-24:07 Synology Camera
Publish Time: 2024-05-27 16:41:30 UTC+8
Last Updated: 2024-06-04 17:35:57 UTC+8
- Severity
- Moderate
- Status
- Resolved
Abstract
A vulnerability allows remote attackers to conduct denial-of-service attack via a susceptible version of Synology Camera BC500 Firmware and Synology Camera TC500 Firmware.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| BC500 | Moderate | Upgrade to 1.1.1-0383 or above. |
| TC500 | Moderate | Upgrade to 1.1.1-0383 or above. |
Mitigation
None
Detail
- CVE-2024-5463
- Severity: Moderate
- CVSS3 Base Score: 6.5
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
- A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500.
Acknowledgement
Andrea Maugeri (https://www.linkedin.com/in/andreamaugeri)
Reference
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2024-05-27 | Initial public release. |
| 2 | 2024-06-04 | Disclosed vulnerability details. |