Synology Camera Critical Vulnerabilities Patched: Upgrade Immediately

Synology, a leading network-attached storage (NAS) and surveillance solution provider has recently addressed critical security vulnerabilities affecting its Synology Camera BC500 and TC500 models. These vulnerabilities, discovered during the PWN2OWN 2023 security competition, could allow remote attackers to execute arbitrary code or bypass security restrictions, gaining unauthorized access to affected devices.

Vulnerability Details

The vulnerabilities reside within the Synology Camera BC500 and TC500 Firmware versions before 1.0.7-0298. These flaws allow remote attackers to:

  1. Execute arbitrary code: This means an attacker could take complete control of the affected Synology Camera device, potentially compromising the integrity of the surveillance system and allowing further access to the network.

  2. Bypass security constraints: Attackers could exploit these vulnerabilities to bypass security mechanisms in place, gaining unauthorized access to sensitive data or disrupting the camera’s functionality.

Affected Products

The following Synology Camera models are affected by these vulnerabilities:

  • Synology Camera BC500

  • Synology Camera TC500

Mitigation and Remediation

Synology has released firmware updates to address these critical vulnerabilities. Users are strongly advised to upgrade their affected Synology Camera devices to the latest firmware versions immediately:

  • BC500: Upgrade to 1.0.7-0298 or above.

  • TC500: Upgrade to 1.0.7-0298 or above.

Protecting Your Synology Camera

In addition to upgrading the firmware, Synology recommends the following security measures to further protect your Synology Camera devices:

  • Change the default administrator password to a strong, unique password.

  • Disable unnecessary services and ports on the camera.

  • Regularly check for and apply firmware updates.

  • Implement a layered security approach, including network segmentation and access controls.