CVE-2024-39352

Published: Jun 28, 2024Modified: Apr 10, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

Affected (2)

Products: Synology: Bc500 Firmware, Tc500 Firmware

2 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Synology Bc500 Firmware	Before 1.0.7-0298

Running on/with	Platform Versions
Synology Bc500	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Synology Tc500 Firmware	Before 1.0.7-0298

Running on/with	Platform Versions
Synology Tc500	All versions

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://www.synology.com/en-global/security/advisory/Synology_SA_23_15

Source: security@synology.com

Vendor Advisory

https://www.synology.com/en-global/security/advisory/Synology_SA_23_15

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.