
Synology has updated its security advisories to disclose details of a critical vulnerability affecting its camera firmware. The vulnerability allows remote attackers to execute arbitrary code or commands on susceptible Synology cameras.
The vulnerability impacts the following Synology camera products:
- BC500
- CC400W
- TC500
The severity of the vulnerability is rated as Critical, with a CVSS3 Base Score of 9.8.
The vulnerability, identified as CVE-2024-11131, is described as an out-of-bounds read issue found in the video interface. This vulnerability can be exploited by remote attackers to execute arbitrary code via unspecified vectors.
The vulnerability was reported by PWN2OWN 2024 (ZDI-CAN-25538).
Synology has addressed the vulnerability in firmware version 1.2.0-0525. Users of the affected camera models (BC500, CC400W, and TC500) are advised to upgrade to this version or above to mitigate the risk.
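An added example, not part of the Synology advisory: a small inventory check that flags affected models running firmware below 1.2.0-0525. It assumes firmware strings follow the `major.minor.patch-build` shape of the fixed version and compare numerically; the hostnames, the sample versions and the `XY100` model are constructed.

```python
import re

# Values taken from the advisory text above.
AFFECTED_MODELS = {"BC500", "CC400W", "TC500"}
FIXED_VERSION = "1.2.0-0525"

# Assumption: versions look like 'major.minor.patch-build', all numeric.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_firmware(version):
    """Turn 'major.minor.patch-build' into a tuple of ints, or None if malformed."""
    m = _VERSION_RE.match(version.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(model, version):
    """Return 'not-affected', 'patched', 'vulnerable' or 'unknown' for one camera."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-affected"
    parsed = parse_firmware(version)
    if parsed is None:
        # Affected model with an unreadable version: flag for manual review
        # rather than silently treating it as patched.
        return "unknown"
    return "patched" if parsed >= parse_firmware(FIXED_VERSION) else "vulnerable"


def audit(inventory):
    """Map each (host, model, version) record to its status."""
    return {host: classify(model, version) for host, model, version in inventory}


# Constructed sample inventory (hostnames, versions and XY100 are made up).
SAMPLE_INVENTORY = [
    ("cam-lobby", "BC500", "1.1.3-0442"),
    ("cam-dock", "TC500", "1.2.0-0525"),
    ("cam-lab", "cc400w", "1.2.1-0530"),
    ("cam-roof", "BC500", "unknown"),
    ("cam-old", "XY100", "0.9.0-0001"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `vulnerable` or `unknown` are the ones to prioritize for the upgrade or for a manual firmware check.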