First published: Fri Jun 28 2024(Updated: )
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Camera Firmware | <1.0.7-0298 | |
All of | ||
<1.0.7-0298 | ||
All of | ||
<1.0.7-0298 | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-39351 is classified as a critical vulnerability due to its potential to allow remote command execution.
To fix CVE-2024-39351, update your Synology Camera Firmware to version 1.0.7-0298 or later.
CVE-2024-39351 affects Synology Camera Firmware versions prior to 1.0.7-0298 that are using BC500 and TC500 models.
CVE-2024-39351 allows authenticated users with administrator privileges to execute arbitrary OS commands.
Yes, CVE-2024-39351 can be exploited through unspecified vectors by users with administrative access.