Synology-SA-24:24 Synology Camera (PWN2OWN 2024)

Publish Time: 2024-11-14 16:28:21 UTC+8

Last Updated: 2024-11-14 16:31:21 UTC+8

Severity
Critical
Status
Resolved

Abstract

Multipe vulnerabilities allow remote attackers to execute arbitrary code or execute arbitrary commands on a susceptible version of Synology Camera BC500 Firmware, Synology Camera CC400W Firmware and Synology Camera TC500 Firmware.

The vulnerability reported by PWN2OWN 2024 (ZDI-CAN-25538) has been addressed.

Affected Products

Product Severity Fixed Release Availability
BC500 Critical Upgrade to 1.2.0-0525 or above.
CC400W Critical Upgrade to 1.2.0-0525 or above.
TC500 Critical Upgrade to 1.2.0-0525 or above.

Mitigation

None

Detail

Reserved

Acknowledgement

  • Viettel Cyber Security (@vcslab)

  • HANRYEOL PARK, HYOJIN LEE, HYEOKJONG YUN, HYEONJUN LEE, DOWON KWAK, ZIEN (https://zi-en.io/)

Revision

Revision Date Description
1 2024-11-14 Initial public release.