CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-5746

CVSS 9.8v3.1pub. 2023-10-25upd. 2024-11-21

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Synology Bc500

    HW
    Synology
    wszystkie wersje
  • Synology Bc500 Firmware

    OS
    Synology
    < 1.0.5-0185
  • Synology Tc500

    HW
    Synology
    wszystkie wersje
  • Synology Tc500 Firmware

    OS
    Synology
    < 1.0.5-0185
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-11131CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds read w firmware kamer Synology umożliwia RCE

CVE-2024-39349CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w firmware kamer Synology BC500/TC500 umożliwia RCE

CVE-2023-47802HIGH7.2ten sam produkt

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injec...

CVE-2024-39350HIGH7.5ten sam produkt

A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows ma...

CVE-2024-39351HIGH7.2ten sam produkt

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injec...