CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11131
https://notcve.org/view.php?id=CVE-2024-11131
19 Mar 2025 — A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500. Se ha detectado una vulnerabilidad relacionada con la lectura fuera de los límites en la interfaz de vídeo. Esto permite a atacantes remotos ejecutar código arbitrario mediante vectores no especificados. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_24 • CWE-125: Out-of-bounds Read •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39351
https://notcve.org/view.php?id=CVE-2024-39351
28 Jun 2024 — A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47803
https://notcve.org/view.php?id=CVE-2023-47803
28 Jun 2024 — A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47802
https://notcve.org/view.php?id=CVE-2023-47802
28 Jun 2024 — A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-39349 – Synology BC500 synocam_param.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39349
21 Jun 2024 — A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BC500 cameras. Authentic... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39350 – Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39350
21 Jun 2024 — A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. This vulnerability allows local attackers to escalate privileges on affected installations of Synology BC500 cameras. An attacker must first obtain the ability to execute low-privileged code on the targ... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39352 – Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability
https://notcve.org/view.php?id=CVE-2024-39352
21 Jun 2024 — A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. This vulnerability allows network-adjacent attackers to downgrade Synology software on affected installations of Synology BC500 cameras. Authentication is required to exploi... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5463
https://notcve.org/view.php?id=CVE-2024-5463
04 Jun 2024 — A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500. Se ha encontrado una vulnerabilidad relacionada con la copia del búfer sin verificar el tama... • https://www.synology.com/en-global/security/advisory/Synology_SA_24_07 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •