Vulnerability Description
A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synology | Tc500 Firmware | < 1.0.7-0298 |
| Synology | Tc500 | - |
| Synology | Bc500 Firmware | < 1.0.7-0298 |
| Synology | Bc500 | - |
Related Weaknesses (CWE)
References
- https://www.synology.com/en-global/security/advisory/Synology_SA_23_15Vendor Advisory
- https://www.synology.com/en-global/security/advisory/Synology_SA_23_15Vendor Advisory
FAQ
What is CVE-2024-39350?
CVE-2024-39350 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. Th...
How severe is CVE-2024-39350?
CVE-2024-39350 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-39350?
Check the references section above for vendor advisories and patch information. Affected products include: Synology Tc500 Firmware, Synology Tc500, Synology Bc500 Firmware, Synology Bc500.