Vulnerability Description
A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synology | BC500 Firmware | < 1.0.5-0185 |
| Synology | BC500 | - |
| Synology | TC500 Firmware | < 1.0.5-0185 |
| Synology | TC500 | - |
Related Weaknesses (CWE)
References
- https://www.synology.com/en-global/security/advisory/Synology_SA_23_11 (Vendor Advisory)
FAQ
What is CVE-2023-5746?
CVE-2023-5746 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models...
How severe is CVE-2023-5746?
CVE-2023-5746 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-5746?
Check the references section above for vendor advisories and patch information. Affected products include: Synology BC500 Firmware, Synology BC500, Synology TC500 Firmware, Synology TC500.