A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
References
| Link | Resource |
|---|---|
| https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 | Vendor Advisory |
| https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 | Vendor Advisory |
Configurations
History
04 Mar 2025, 18:43
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:* cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:* cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:* |
|
| First Time |
Synology tc500 Firmware
Synology bc500 Synology bc500 Firmware Synology tc500 Synology |
|
| References | () https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 - Vendor Advisory |
21 Nov 2024, 09:27
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| References | () https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 - |
28 Jun 2024, 10:27
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-06-28 06:15
Updated : 2025-03-04 18:43
NVD link : CVE-2024-39352
Mitre link : CVE-2024-39352
CVE.ORG link : CVE-2024-39352
JSON object : View
Products Affected
synology
- tc500_firmware
- bc500_firmware
- tc500
- bc500
CWE
CWE-863
Incorrect Authorization