CVE-2024-39350

Published: Jun 28, 2024Modified: Mar 6, 2025

7.5

Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

Affected (2)

Products: Synology: Bc500 Firmware, Tc500 Firmware

2 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Synology Bc500 Firmware	Before 1.0.7-0298

Running on/with	Platform Versions
Synology Bc500	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Synology Tc500 Firmware	Before 1.0.7-0298

Running on/with	Platform Versions
Synology Tc500	All versions

Related CWEs

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (2)

https://www.synology.com/en-global/security/advisory/Synology_SA_23_15

Source: security@synology.com

Vendor Advisory

https://www.synology.com/en-global/security/advisory/Synology_SA_23_15

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.