cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-39350,https://securityvulnerability.io/vulnerability/CVE-2024-39350,Authentication Bypass Vulnerability Affects Synology Cameras,"A recently identified vulnerability in the RTSP functionality of Synology Cameras enables an authentication bypass due to spoofing. This security flaw permits man-in-the-middle attackers to gain unauthorized privileges by exploiting unspecified vectors within the affected firmware versions. The models notably impacted include the BC500 and TC500, both of which must be updated to firmware version 1.0.7-0298 or later to mitigate this risk.",Synology,Camera Firmware,7.5,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-06-28T06:55:25.157Z,0
CVE-2024-39352,https://securityvulnerability.io/vulnerability/CVE-2024-39352,Firmware Upgrade Vulnerability Allows Bypass of Integrity Check,A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.,Synology,Camera Firmware,4.9,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-06-28T06:07:52.739Z,0
CVE-2024-39351,https://securityvulnerability.io/vulnerability/CVE-2024-39351,Arbitrary Command Execution Vulnerability in Synology Camera Firmware,"A vulnerability has been identified within Synology Camera firmware, specifically related to the improper neutralization of special elements used in OS commands. This flaw permits remote authenticated users with administrative access to execute arbitrary commands on the affected systems through unspecified methods. The models affected include the BC500 and TC500 with firmware versions prior to 1.0.7-0298. Prompt remediation is crucial to mitigate potential exploitation of this vulnerability.",Synology,Camera Firmware,7.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-06-28T06:07:21.260Z,0
CVE-2024-39349,https://securityvulnerability.io/vulnerability/CVE-2024-39349,Remote Code Execution Vulnerability in Synology Camera Firmware,"A vulnerability exists in the Synology Camera Firmware related to buffer copying without appropriate size checks in the libjansson component. This flaw enables remote attackers to execute arbitrary code, leveraging unspecified vectors. Affected models include the BC500 and TC500, both using firmware versions prior to 1.0.7-0298, which may expose users to significant security risks if not addressed.",Synology,Camera Firmware,9.8,CRITICAL,0.0006500000017695129,false,false,false,false,,false,false,2024-06-28T06:03:59.624Z,0
CVE-2023-47803,https://securityvulnerability.io/vulnerability/CVE-2023-47803,Path Traversal Vulnerability Affects Synology Cameras,A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.,Synology,Camera Firmware,5.3,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-06-28T06:03:01.476Z,0
CVE-2023-47802,https://securityvulnerability.io/vulnerability/CVE-2023-47802,Arbitrary Command Execution Vulnerability in Synology Camera Firmware,"A vulnerability exists in the Synology Camera Firmware that involves improper neutralization of special elements utilized in OS commands, leading to OS Command Injection. This flaw permits remote authenticated users with administrator privileges to execute arbitrary commands on affected devices. Models at risk include the BC500 and TC500, specifically those running firmware versions prior to 1.0.7-0298. Security measures are crucial for users to prevent potential exploitation via unspecified vectors.",Synology,Camera Firmware,7.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-06-28T06:01:58.733Z,0
CVE-2024-5463,https://securityvulnerability.io/vulnerability/CVE-2024-5463,Buffer Copy Vulnerability Affects Synology Login Service,A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500.,Synology,Camera Firmware,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-04T09:34:06.934Z,0
CVE-2023-5746,https://securityvulnerability.io/vulnerability/CVE-2023-5746,,A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.,Synology,Camera Firmware,9.8,CRITICAL,0.0013800000306218863,false,false,false,false,,false,false,2023-10-25T18:17:00.000Z,0