Vulnerabilities > CVE-2024-39350 - Unspecified vulnerability in Synology Bc500 Firmware and Tc500 Firmware

CVSS 7.5 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

high complexity

synology

NVD

Published: 2024-06-28

Updated: 2025-03-06

Summary

A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

Vulnerable Configurations

Part	Description	Count
OS	Synology Synology Bc500 Firmware * Synology Tc500 Firmware *	2
Hardware	Synology Synology Bc500 - Synology Tc500 -	2

References

https://www.synology.com/en-global/security/advisory/Synology_SA_23_15
https://www.synology.com/en-global/security/advisory/Synology_SA_23_15