Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-47802

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

Published

2024-06-28T06:15:03.220

Last Modified

2025-04-10T19:11:39.490

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	synology	bc500_firmware	< 1.0.7-0298	Yes
Hardware	synology	bc500	-	No
Operating System	synology	tc500_firmware	< 1.0.7-0298	Yes
Hardware	synology	tc500	-	No

References

https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 Vendor Advisory ([email protected])
https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)