Vulnerabilities > Synology > Tc500 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-28 | CVE-2024-39350 | Unspecified vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. high complexity synology | 7.5 |
| 2024-06-28 | CVE-2023-47802 | OS Command Injection vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. | 7.2 |
| 2024-06-28 | CVE-2023-47803 | Path Traversal vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. | 5.3 |
| 2024-06-28 | CVE-2024-39349 | Classic Buffer Overflow vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. | 9.8 |
| 2024-06-28 | CVE-2024-39351 | OS Command Injection vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. | 7.2 |
| 2024-06-28 | CVE-2024-39352 | Incorrect Authorization vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. | 4.9 |
| 2024-06-04 | CVE-2024-5463 | Classic Buffer Overflow vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. | 7.5 |
| 2023-10-25 | CVE-2023-5746 | Use of Externally-Controlled Format String vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding use of externally-controlled format string is found in the cgi component. | 9.8 |