Synology-SA-24:24 Synology Camera (PWN2OWN 2024)

Publish Time: 2024-11-14 16:28:21 UTC+8

Last Updated: 2024-11-14 16:31:21 UTC+8

Severity: Critical

Status: Resolved

Abstract

Multipe vulnerabilities allow remote attackers to execute arbitrary code or execute arbitrary commands on a susceptible version of Synology Camera BC500 Firmware, Synology Camera CC400W Firmware and Synology Camera TC500 Firmware.

The vulnerability reported by PWN2OWN 2024 (ZDI-CAN-25538) has been addressed.

Affected Products

Product	Severity	Fixed Release Availability
BC500	Critical	Upgrade to 1.2.0-0525 or above.
CC400W	Critical	Upgrade to 1.2.0-0525 or above.
TC500	Critical	Upgrade to 1.2.0-0525 or above.

Mitigation

None

Detail

Reserved

Acknowledgement

Viettel Cyber Security (@vcslab)
HANRYEOL PARK, HYOJIN LEE, HYEOKJONG YUN, HYEONJUN LEE, DOWON KWAK, ZIEN (https://zi-en.io/)

Revision

Revision	Date	Description
1	2024-11-14	Initial public release.