← back
CVE-2024-39351

CVE-2024-39351

CVSS 7.2 HIGHEPSS 1.5%CWE-78
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 1.5%KEV nãoPoC Patch referenciado
Lifecycle
Jun 28, 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Synology · Camera Firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.synology.com/en-global/security/advisory/Synology_SA_23_15