Summary: Synology has issued a critical security advisory regarding vulnerabilities in its camera firmware products, which could allow remote attackers to execute arbitrary code and launch denial-of-service attacks. Users are urged to update their firmware immediately to mitigate these risks.
Threat Actor: Remote attackers
Victim: Synology camera users
Key Points:
- Critical vulnerabilities exist in Synology Camera BC500, TC500, and CC400W firmware.
- Attackers can exploit these flaws to execute arbitrary code and bypass security measures.
- Users must upgrade to firmware version 1.1.3-0442 or above to protect their devices.
- Synology has provided no mitigation strategies, so the firmware update is the only remediation on offer.
- The vulnerabilities were responsibly disclosed by security researcher Tim Coen.

Synology has issued a security advisory, Synology-SA-24:17, warning of critical vulnerabilities in several of its camera firmware products, including Synology Camera BC500, TC500, and CC400W. The vulnerabilities, which could allow remote attackers to execute arbitrary code, bypass security constraints, and initiate denial-of-service (DoS) attacks, pose a significant risk to users if not addressed immediately.
According to the advisory, the flaws are remotely exploitable in the affected firmware versions of all three models. Exploitation gives attackers unauthorized access to the cameras, allowing them to execute arbitrary code, bypass security controls, and launch DoS attacks that can render the devices inoperable.
Synology highlights the severity of these vulnerabilities, stating: “The vulnerabilities allow remote attackers to execute arbitrary code, bypass security constraints, and conduct denial-of-service attacks via a susceptible version of Synology Camera firmware.”
The following Synology camera models are affected:

| Product | Severity | Fixed Release Availability |
|---|---|---|
| BC500 | Critical | Upgrade to 1.1.3-0442 or above. |
| CC400W | Critical | Upgrade to 1.1.3-0442 or above. |
| TC500 | Critical | Upgrade to 1.1.3-0442 or above. |

Given the severity of the issue, Synology urges users to immediately update their firmware to the fixed version (1.1.3-0442 or above) to prevent potential exploitation.
Synology has not provided any mitigation strategies for these vulnerabilities, making it essential for users to apply the recommended firmware updates as soon as possible. Failure to do so could expose devices to severe security risks, including unauthorized access and system compromise.
The vulnerabilities were responsibly disclosed by security researcher Tim Coen.
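
To find which cameras in a fleet still run firmware below the fixed release, the check below compares each device's firmware string against 1.1.3-0442 numerically. It is an added example, not Synology's code or part of the advisory. It assumes firmware strings have the form `version-build` and that a higher version or build is newer; the CSV layout, the hostnames and the function names are constructed for illustration.

```python
import csv
import io
import re

# Fixed release and affected models as stated in the advisory text above.
FIXED = (1, 1, 3, 442)
AFFECTED_MODELS = {"BC500", "CC400W", "TC500"}

# Assumption: firmware strings look like "1.1.3-0442" (version-build).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_firmware(text):
    """Return (major, minor, patch, build) as ints, or None if unparseable."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def classify(model, firmware):
    """Classify one camera against the advisory's fixed release."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    version = parse_firmware(firmware)
    if version is None:
        return "unknown"  # never assume safe; check the device by hand
    # Integer tuples compare field by field, so 1.1.10 sorts above 1.1.3
    # (a plain string comparison would get that wrong).
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory_csv):
    """Map each host in a CSV inventory (host,model,firmware) to a status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in reader}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = """host,model,firmware
cam-lobby,BC500,1.1.3-0442
cam-dock,TC500,1.0.7-0298
cam-roof,cc400w,1.1.10-0500
cam-lab,BC500,unknown
cam-old,XYZ100,1.0.0-0001
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown` should be treated as unpatched until their firmware version is confirmed on the device itself.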