Five Security Advisories from Synology on Vulnerabilities
Concerning Synology Camera, Synology Router Manager, BeeStation, Synology Photos and BeePhotos
This is a Press Release edited by StorageNewsletter.com on October 29, 2024 at 2:00 pm
Synology Inc. has published 5 security advisories concerning vulnerabilities in Synology Camera, Synology Router Manager, BeeStation, Synology Photos and BeePhotos.
Synology-SA-24:17 Synology Camera
Publish Time: 2024-10-18 16:23:38 UTC+8
Last Updated: 2024-10-18 16:23:38 UTC+8
Severity: Critical
Status: Resolved
Abstract
The vulnerabilities allow remote attackers to execute arbitrary code, bypass security constraints and conduct denial-of-service attacks via a susceptible version of Synology Camera BC500 firmware, TC500 firmware and CC400W firmware.
Affected Products
Product | Severity | Fixed release availability |
---|---|---|
BC500 | Critical | Upgrade to 1.1.3-0442 or above |
CC400W | Critical | Upgrade to 1.1.3-0442 or above |
TC500 | Critical | Upgrade to 1.1.3-0442 or above |
Mitigation: None
Detail: Reserved
Acknowledgement: Tim Coen (https://security-consulting.icu/)
Revision
Revision | Date | Description |
---|---|---|
1 | 2024-10-18 | Initial public release |
Publish Time: 2024-10-18 13:43:07 UTC+8
Last Updated: 2024-10-18 13:43:07 UTC+8
Severity: Moderate
Status: Resolved
Abstract
Multiple vulnerabilities allow remote authenticated users to read specific files containing non-sensitive information, and remote authenticated users with admin privileges to execute arbitrary code, execute arbitrary commands and inject arbitrary web script or HTML via a susceptible version of Synology Router Manager (SRM).
Affected Products
Product | Severity | Fixed release availability |
---|---|---|
SRM 1.3 | Moderate | Upgrade to 1.3.1-9346-11 or above |
Mitigation: None
Detail: Reserved
Acknowledgement:
- Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim))
- Qian Chen (@cq674350529) from Codesafe Team of Legendsec at QI-ANXIN Group
Revision
Revision | Date | Description |
---|---|---|
1 | 2024-10-18 | Initial public release |
Publish Time: 2024-10-17 14:23:28 UTC+8
Last Updated: 2024-10-17 14:23:28 UTC+8
Severity: Critical
Status: Resolved
Abstract
A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology BeeStation Manager (BSM).
Affected Products
Product | Severity | Fixed release availability |
---|---|---|
BeeStation OS 1.1 | Critical | Upgrade to 1.1-65373 or above |
Mitigation: None
Detail: Reserved
Revision
Revision | Date | Description |
---|---|---|
1 | 2024-10-17 | Initial public release |
Synology-SA-24:14 Synology Photos
Publish Time: 2024-10-16 13:55:20 UTC+8
Last Updated: 2024-10-16 13:55:20 UTC+8
Severity: Moderate
Status: Ongoing
Abstract
Multiple vulnerabilities allow remote authenticated users to read specific files, remote authenticated users to delete specific files and remote authenticated users to obtain non-sensitive information.
Affected Products
Product | Severity | Fixed release availability |
---|---|---|
Synology Photos for DSM 7.2 | Moderate | Upgrade to 1.7.0-0794 or above |
Synology Photos for DSM 7.1 | Moderate | Ongoing |
Mitigation: None
Detail: Reserved
Revision | Date | Description |
---|---|---|
1 | 2024-10-16 | Initial public release |
Publish Time: 2024-10-16 13:54:36 UTC+8
Last Updated: 2024-10-16 13:54:36 UTC+8
Severity: Moderate
Status: Resolved
Abstract
Multiple vulnerabilities allow remote authenticated users to read specific files, remote authenticated users to delete specific files and remote authenticated users to obtain non-sensitive information.
Affected Products
Product | Severity | Fixed release availability |
---|---|---|
BeePhotos for BSM 1.1 | Moderate | Upgrade to 1.1.0-10052 or above |
Mitigation: None
Detail: Reserved
Revision
Revision | Date | Description |
---|---|---|
1 | 2024-10-16 | Initial public release |