Synology Bc500 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Synology Bc500 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2024-39349 — CVSS 9.8 (critical): A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and…
CVE-2023-5746 — CVSS 9.8 (critical): A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute…
CVE-2024-11131 — CVSS 9.8 (critical): A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via…
CVE-2024-39350 — CVSS 7.5 (high): A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to…
CVE-2023-47802 — CVSS 7.2 (high): A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP…
CVE-2024-39351 — CVSS 7.2 (high): A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP…
CVE-2024-5463 — CVSS 6.5 (medium): A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component…
CVE-2023-47803 — CVSS 5.3 (medium): A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings…
CVE-2024-39352 — CVSS 4.9 (medium): A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users…