CVE-2024-39352

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-39352
A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

4.9 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 Vendor Advisory
https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*
History

10 Apr 2025, 18:14

Type Values Removed Values Added
CWE CWE-863
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.9

04 Mar 2025, 18:43

Type Values Removed Values Added
CPE cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*
cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*
cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*
First Time Synology tc500
Synology tc500 Firmware
Synology bc500
Synology
Synology bc500 Firmware
References () https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 - () https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 - Vendor Advisory
CWE CWE-863

28 Jun 2024, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-28 06:15

Updated : 2025-04-10 18:14

NVD link : CVE-2024-39352

Mitre link : CVE-2024-39352

JSON object : View

Products Affected

synology

  • bc500_firmware
  • tc500
  • bc500
  • tc500_firmware
CWE
CWE-863

Incorrect Authorization