First published: Fri Jun 28 2024
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Camera Firmware | <1.0.7-0298 | |
CVE-2023-47802 is considered to be a high severity vulnerability due to its potential for arbitrary OS command execution.
CVE-2023-47802 affects Synology Camera Firmware versions before 1.0.7-0298 on the BC500 and TC500 models, and can be exploited by remote authenticated users with administrator privileges.
Fix CVE-2023-47802 by updating to the latest version of Synology Camera Firmware that addresses this vulnerability.
CVE-2023-47802 is classified as an OS Command Injection vulnerability due to improper neutralization of special elements.
If exploited, CVE-2023-47802 could allow remote authenticated users to execute arbitrary commands on the system.
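To check a camera inventory against the affected models and version boundary stated above, the following added example (not Synology's or this site's code) compares firmware versions numerically. It assumes versions always follow the `major.minor.patch-build` form seen in `1.0.7-0298` and that they order field by field; the hosts, the `XY100` model and the sample versions are constructed.

```python
import re

# Facts taken from the advisory text above.
AFFECTED_MODELS = {"BC500", "TC500"}
FIXED_VERSION = "1.0.7-0298"

# Assumed format: major.minor.patch-build, as in the version on this page.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Turn 'major.minor.patch-build' into a tuple of ints for comparison."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.groups())


def assess(model, version):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown' for one camera."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    try:
        current = parse_version(version)
    except ValueError:
        # Unparseable version on a listed model: flag for manual review
        # instead of silently treating it as safe.
        return "unknown"
    # Integer tuples avoid the string-compare trap where "1.0.10" < "1.0.7".
    return "affected" if current < parse_version(FIXED_VERSION) else "fixed"


def triage(inventory):
    """Map each (host, model, version) record to its assessment."""
    return {host: assess(model, version) for host, model, version in inventory}


# Constructed sample inventory (hosts, versions and XY100 are made up).
SAMPLE_INVENTORY = [
    ("cam-lobby", "BC500", "1.0.6-0294"),
    ("cam-dock", "TC500", "1.0.7-0298"),
    ("cam-roof", "bc500", "1.0.10-0301"),
    ("cam-gate", "TC500", "unknown"),
    ("cam-lab", "XY100", "1.0.5-0185"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```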