CVE-2024-39351: OS Command Injection
First published: Fri Jun 28 2024(Updated: )
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Camera Firmware | <1.0.7-0298 | |
| All of | ||
| <1.0.7-0298 | ||
| All of | ||
| <1.0.7-0298 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-39351?
CVE-2024-39351 is classified as a critical vulnerability due to its potential to allow remote command execution.
How do I fix CVE-2024-39351?
To fix CVE-2024-39351, update your Synology Camera Firmware to version 1.0.7-0298 or later.
Who is affected by CVE-2024-39351?
CVE-2024-39351 affects Synology Camera Firmware versions prior to 1.0.7-0298 that are using BC500 and TC500 models.
What types of attacks can be executed using CVE-2024-39351?
CVE-2024-39351 allows authenticated users with administrator privileges to execute arbitrary OS commands.
Is CVE-2024-39351 easy to exploit?
Yes, CVE-2024-39351 can be exploited through unspecified vectors by users with administrative access.
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/synology
- canonical/synology camera firmware