Critical Flaw in Synology Camera Firmware Exposes Devices to RCE and DoS Attacks
Synology has issued a security advisory, Synology-SA-24:17, warning of critical vulnerabilities in several of its camera firmware products, including Synology Camera BC500, TC500, and CC400W. The vulnerabilities, which could allow remote attackers to execute arbitrary code, bypass security constraints, and initiate denial-of-service (DoS) attacks, pose a significant risk to users if not addressed immediately.
The advisory details that remote attackers can exploit these flaws in the affected firmware versions of Synology Camera BC500, TC500, and CC400W. The vulnerabilities enable attackers to gain unauthorized access to the cameras, allowing them to execute arbitrary code, bypass security controls, and launch DoS attacks, potentially rendering the devices inoperable.
Synology highlights the severity of these vulnerabilities, stating: “The vulnerabilities allow remote attackers to execute arbitrary code, bypass security constraints, and conduct denial-of-service attacks via a susceptible version of Synology Camera firmware.”
The following Synology camera models are affected:
Product | Severity | Fixed Release Availability |
---|---|---|
BC500 | Critical | Upgrade to 1.1.3-0442 or above. |
CC400W | Critical | Upgrade to 1.1.3-0442 or above. |
TC500 | Critical | Upgrade to 1.1.3-0442 or above. |
Given the severity of the issue, Synology urges users to immediately update their firmware to the fixed version (1.1.3-0442 or above) to prevent potential exploitation.
Synology has not provided any mitigation strategies for these vulnerabilities, making it essential for users to apply the recommended firmware updates as soon as possible. Failure to do so could expose devices to severe security risks, including unauthorized access and system compromise.
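One way to check a camera inventory against the fixed release in the table above. This is an added example, not code from Synology or the original article: the CSV columns (`host`, `model`, `firmware`), the sample hosts and the sample firmware strings are constructed, and ordering versions as `major.minor.patch-build` integers is an assumption based on the format of the version string in the advisory.

```python
import csv
import io
import re

# Fixed release for each affected model, taken from the advisory table.
FIXED = {"BC500": "1.1.3-0442", "CC400W": "1.1.3-0442", "TC500": "1.1.3-0442"}

# Assumed version layout: major.minor.patch-build, all numeric.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Return (major, minor, patch, build) as ints, or None if the string is malformed."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory_csv):
    """Map each host to 'vulnerable', 'patched', 'unknown' or 'not-in-advisory'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().upper()
        if model not in FIXED:
            results[row["host"]] = "not-in-advisory"
            continue
        current = parse_version(row["firmware"])
        if current is None:
            # Missing or unparseable version: flag for manual review, never assume safe.
            results[row["host"]] = "unknown"
        elif current < parse_version(FIXED[model]):
            results[row["host"]] = "vulnerable"
        else:
            results[row["host"]] = "patched"
    return results


# Constructed sample inventory; hosts and firmware strings are illustrative only.
SAMPLE = """host,model,firmware
cam-lobby,BC500,1.1.3-0442
cam-dock,tc500,1.1.2-0416
cam-roof,CC400W,1.1.3-0441
cam-lab,BC500,
cam-gate,BC500,1.2.0-0500
cam-other,GENERIC-CAM,2.0.0-0001
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:10} {status}")
```

Hosts reported as `unknown` should be checked by hand rather than treated as patched.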
The vulnerabilities were responsibly disclosed by security researcher Tim Coen.