Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-39349

A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

Published

2024-06-28T06:15:05.500

Last Modified

2025-04-10T19:03:39.500

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-120
Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	synology	bc500_firmware	< 1.0.7-0298	Yes
Hardware	synology	bc500	-	No
Operating System	synology	tc500_firmware	< 1.0.7-0298	Yes
Hardware	synology	tc500	-	No

References

https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 Vendor Advisory ([email protected])
https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)