A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
The vulnerability consists of copying data to a buffer without verifying the input data size (Classic Buffer Overflow, CWE-120) in a local modification of the libjansson component β the manufacturer notes that the vulnerability does not exist in the upstream library. A remote attacker, without authentication and without user interaction, can send crafted data over the network, causing buffer overflow. As a result, it is possible to hijack control over the process execution flow and execute arbitrary code.
An attacker can remotely execute arbitrary code on the vulnerable device (RCE), which in practice means the possibility of complete camera takeover, violation of image confidentiality, system integrity compromise, and device availability disruption.
Synology BC500 and TC500 camera firmware should be updated to version 1.0.7-0298 or later, in accordance with the manufacturer's recommendations published in the Synology_SA_23_15 bulletin available on the Synology website.
Synology BC500 and TC500 cameras with Synology Camera firmware versions earlier than 1.0.7-0298.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSynology Bc500
HWSynologywszystkie wersjeSynology Bc500 Firmware
OSSynology< 1.0.7-0298Synology Tc500
HWSynologywszystkie wersjeSynology Tc500 Firmware
OSSynology< 1.0.7-0298
Related vulnerabilities
Out-of-bounds read w firmware kamer Synology umoΕΌliwia RCE
A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allow...
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injec...
A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows ma...
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injec...