CVE-2024-5463

Published: Jun 4, 2024Modified: Aug 4, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to write specific files containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500.

Affected (2)

Products: Synology: Bc500 Firmware, Tc500 Firmware

2 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Synology Bc500 Firmware	Before 1.1.1-0383

Running on/with	Platform Versions
Synology Bc500	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Synology Tc500 Firmware	Before 1.1.1-0383

Running on/with	Platform Versions
Synology Tc500	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.synology.com/en-global/security/advisory/Synology_SA_24_07

Source: security@synology.com

Vendor Advisory

https://www.synology.com/en-global/security/advisory/Synology_SA_24_07

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.