
Five Security Advisories from Synology on Vulnerabilities

Concerning Synology Camera, Synology Router Manager, BeeStation, Synology Photos and BeePhotos

Synology Inc. has published 5 security advisories concerning vulnerabilities in Synology Camera, Synology Router Manager, BeeStation, Synology Photos and BeePhotos.

Synology-SA-24:17 Synology Camera

Publish Time: 2024-10-18 16:23:38 UTC+8
Last Updated: 2024-10-18 16:23:38 UTC+8
Severity: Critical
Status: Resolved

Abstract
The vulnerabilities allow remote attackers to execute arbitrary code, bypass security constraints and conduct denial-of-service attacks via a susceptible version of Synology Camera BC500 firmware, TC500 firmware and CC400W firmware.

Affected Products

Product | Severity | Fixed release availability
BC500 | Critical | Upgrade to 1.1.3-0442 or above
CC400W | Critical | Upgrade to 1.1.3-0442 or above
TC500 | Critical | Upgrade to 1.1.3-0442 or above

Mitigation: None

Detail: Reserved

Acknowledgement: Tim Coen (https://security-consulting.icu/)

Revision

Revision | Date | Description
1 | 2024-10-18 | Initial public release

Synology-SA-24:16 SRM

Publish Time: 2024-10-18 13:43:07 UTC+8
Last Updated: 2024-10-18 13:43:07 UTC+8
Severity: Moderate
Status: Resolved

Abstract
Multiple vulnerabilities allow remote authenticated users to read specific files containing non-sensitive information, and allow remote authenticated users with admin privileges to execute arbitrary code, execute arbitrary commands and inject arbitrary web script or HTML via a susceptible version of Synology Router Manager (SRM).

Affected Products

Product | Severity | Fixed release availability
SRM 1.3 | Moderate | Upgrade to 1.3.1-9346-11 or above

Mitigation: None

Detail: Reserved

Acknowledgement:

  • Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim))
  • Qian Chen (@cq674350529) from Codesafe Team of Legendsec at QI-ANXIN Group

Revision

Revision | Date | Description
1 | 2024-10-18 | Initial public release

Synology-SA-24:15 BeeStation

Publish Time: 2024-10-17 14:23:28 UTC+8
Last Updated: 2024-10-17 14:23:28 UTC+8
Severity: Critical
Status: Resolved

Abstract
A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology BeeStation Manager (BSM).

Affected Products

Product | Severity | Fixed release availability
BeeStation OS 1.1 | Critical | Upgrade to 1.1-65373 or above

Mitigation: None

Detail: Reserved

Revision

Revision | Date | Description
1 | 2024-10-17 | Initial public release

Synology-SA-24:14 Synology Photos

Publish Time: 2024-10-16 13:55:20 UTC+8
Last Updated: 2024-10-16 13:55:20 UTC+8
Severity: Moderate
Status: Ongoing

Abstract
Multiple vulnerabilities allow remote authenticated users to read specific files, remote authenticated users to delete specific files and remote authenticated users to obtain non-sensitive information.

Affected Products

Product | Severity | Fixed release availability
Synology Photos for DSM 7.2 | Moderate | Upgrade to 1.7.0-0794 or above
Synology Photos for DSM 7.1 | Moderate | Ongoing

Mitigation: None

Detail: Reserved

Revision

Revision | Date | Description
1 | 2024-10-16 | Initial public release

Synology-SA-24:13 BeePhotos

Publish Time: 2024-10-16 13:54:36 UTC+8
Last Updated: 2024-10-16 13:54:36 UTC+8
Severity: Moderate
Status: Resolved

Abstract
Multiple vulnerabilities allow remote authenticated users to read specific files, remote authenticated users to delete specific files and remote authenticated users to obtain non-sensitive information.

Affected Products

Product | Severity | Fixed release availability
BeePhotos for BSM 1.1 | Moderate | Upgrade to 1.1.0-10052 or above

Mitigation: None
Detail: Reserved

Revision

Revision | Date | Description
1 | 2024-10-16 | Initial public release

 
