Vulnerability Details CVE-2024-11131
A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.1%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2024-11131
-
cpe:2.3:h:synology:bc500:-
-
cpe:2.3:h:synology:cc400w:-
-
cpe:2.3:h:synology:tc500:-
-
cpe:2.3:o:synology:bc500_firmware:-
-
cpe:2.3:o:synology:bc500_firmware:1.0.4-0182
-
cpe:2.3:o:synology:bc500_firmware:1.0.5-0185
-
cpe:2.3:o:synology:bc500_firmware:1.0.6-0290
-
cpe:2.3:o:synology:bc500_firmware:1.0.6-0294
-
cpe:2.3:o:synology:bc500_firmware:1.0.7-0298
-
cpe:2.3:o:synology:bc500_firmware:1.1.0-0320
-
cpe:2.3:o:synology:bc500_firmware:1.1.1-0383
-
cpe:2.3:o:synology:bc500_firmware:1.1.2-0416
-
cpe:2.3:o:synology:bc500_firmware:1.1.3-0442
-
cpe:2.3:o:synology:cc400w_firmware:*
-
cpe:2.3:o:synology:tc500_firmware:-
-
cpe:2.3:o:synology:tc500_firmware:1.0.2-0142
-
cpe:2.3:o:synology:tc500_firmware:1.0.4-0182
-
cpe:2.3:o:synology:tc500_firmware:1.0.5-0185
-
cpe:2.3:o:synology:tc500_firmware:1.0.6-0290
-
cpe:2.3:o:synology:tc500_firmware:1.0.6-0294
-
cpe:2.3:o:synology:tc500_firmware:1.0.7-0298
-
cpe:2.3:o:synology:tc500_firmware:1.1.0-0320
-
cpe:2.3:o:synology:tc500_firmware:1.1.1-0383
-
cpe:2.3:o:synology:tc500_firmware:1.1.2-0416
-
cpe:2.3:o:synology:tc500_firmware:1.1.3-0442