=====================================================================

                                 CERT-Renater

                       Note d'Information No. 2023/VULN285

_____________________________________________________________________

DATE                : 01/09/2023

HARDWARE PLATFORM(S): Synology.

OPERATING SYSTEM(S): Synology Camera BC500 Firmware, Synology Camera
                       TC500 Firmware versions prior to 1.0.5-0185.

=====================================================================
https://www.synology.com/fr-fr/security/advisory/Synology_SA_23_11
_____________________________________________________________________


Synology-SA-23:11 Synology Camera

Publish Time: 2023-08-17 19:07:37 UTC+8

Last Updated: 2023-08-17 19:07:37 UTC+8

Severity
     Critical

Status
     Resolved


Abstract

A vulnerability allows remote attackers to execute arbitrary code
via a susceptible version of Synology Camera BC500 Firmware and
Synology Camera TC500 Firmware.


Affected Products

Product   Severity      Fixed Release Availability
BC500     Critical      Upgrade to 1.0.5-0185 or above.
TC500     Critical      Upgrade to 1.0.5-0185 or above.


Mitigation

Setting up firewall rules to allow only trusted clients to connect
can be used as a temporary mitigation.


Detail

Reserved


Revision

Revision     Date       Description
1         2023-08-17    Initial public release.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================