CVE-2024-39352
First published: Fri Jun 28 2024(Updated: )
A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Camera Firmware | <1.0.7-0298 | |
| All of | ||
| <1.0.7-0298 | ||
| All of | ||
| <1.0.7-0298 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-39352?
CVE-2024-39352 is considered a high severity vulnerability due to its potential to allow unauthorized access to firmware integrity.
How do I fix CVE-2024-39352?
The vulnerability CVE-2024-39352 can be mitigated by upgrading the Synology Camera Firmware to version 1.0.7-0298 or later.
Who is affected by CVE-2024-39352?
CVE-2024-39352 affects remote authenticated users with administrator privileges on Synology Camera Firmware versions prior to 1.0.7-0298.
What impact does CVE-2024-39352 have on my device?
CVE-2024-39352 allows attackers to bypass firmware integrity checks, potentially leading to unauthorized firmware upgrades.
Is there a workaround for CVE-2024-39352?
Currently, the only effective remedy for CVE-2024-39352 is to update the firmware to the latest version.
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/synology
- canonical/synology camera firmware