← back
CVE-2023-47802

CVE-2023-47802

CVSS 7.2 HIGHEPSS 1.5%CWE-78
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
28 Jun 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Synology · Camera Firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.synology.com/en-global/security/advisory/Synology_SA_23_15