Synology Issues Patches for Critical Camera Flaws Discovered at Pwn2Own


Synology, a leading provider of network-attached storage (NAS) solutions, has released urgent security updates to address multiple critical zero-day vulnerabilities discovered in its camera products. These flaws, which affect the BC500, CC400W, and TC500 camera models, were successfully exploited during the recent Pwn2Own hacking competition.

Security researchers from Viettel Cyber Security and Zien uncovered the vulnerabilities, which could allow remote attackers to execute arbitrary code or commands on affected devices. This could grant malicious actors complete control over the cameras, potentially enabling them to steal sensitive data, disrupt operations, or even use the devices as a springboard for further attacks.

According to Synology’s security advisory, “Multiple vulnerabilities allow remote attackers to execute arbitrary code or execute arbitrary commands on a susceptible version of Synology Camera BC500 Firmware, Synology Camera CC400W Firmware, and Synology Camera TC500 Firmware.”

Synology acted swiftly to mitigate these threats, releasing updated firmware versions for all three affected camera models. Users are strongly urged to upgrade to the following versions or above immediately:

  • BC500: 1.2.0-0525
  • CC400W: 1.2.0-0525
  • TC500: 1.2.0-0525
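To check a fleet against the fixed versions listed above, the following added example (not from Synology or the original article) audits a camera inventory. It assumes firmware strings follow the `major.minor.patch-build` shape seen in the list and order numerically; the inventory columns, hostnames and sample versions are constructed.

```python
import csv
import io
import re

# Minimum fixed firmware per model, as listed in the article.
FIXED = {"BC500": "1.2.0-0525", "CC400W": "1.2.0-0525", "TC500": "1.2.0-0525"}

# Assumed format: major.minor.patch-build, all numeric.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")

def parse_version(text):
    """Turn 'major.minor.patch-build' into a tuple of ints for numeric comparison."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.groups())

def audit(inventory_csv):
    """Return (host, model, firmware, status) rows for the affected models."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().upper()
        if model not in FIXED:
            continue  # not one of the three affected models
        try:
            ok = parse_version(row["firmware"]) >= parse_version(FIXED[model])
            status = "patched" if ok else "UPGRADE"
        except ValueError:
            status = "UNKNOWN"  # unreadable version: verify on the device
        findings.append((row["host"], model, row["firmware"], status))
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,model,firmware
cam-lobby,BC500,1.0.7-0298
cam-dock,TC500,1.2.0-0525
cam-roof,CC400W,1.10.0-0001
cam-lab,bc500,1.2.0-0410
cam-gate,TC500,unknown
nas-01,OTHER,1.0.0-0001
"""

if __name__ == "__main__":
    for host, model, fw, status in audit(SAMPLE):
        print(f"{status:8} {host:10} {model:7} {fw}")
```

Comparing parsed integer tuples rather than raw strings matters here: a plain string comparison would rank the constructed `1.10.0-0001` below `1.2.0-0525` and wrongly flag it for upgrade.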

Although Synology has responded quickly, vendors whose products are targeted in Pwn2Own competitions typically have a 90-day window to release patches before Trend Micro’s Zero Day Initiative discloses detailed information about the vulnerabilities. This grace period gives vendors time to ship critical fixes before the vulnerabilities are publicly detailed.
