CVE-2024-5463 - Vulnerability Details - OpenCVE

A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Synology	Bc500 Bc500 Firmware Tc500 Tc500 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.synology.com/en-global/security/advisory/Synology_SA_24_07

History

Mon, 07 Apr 2025 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Synology Synology bc500 Synology bc500 Firmware Synology tc500 Synology tc500 Firmware
CPEs		cpe:2.3:h:synology:bc500:-:::::::* cpe:2.3:h:synology:tc500:-:::::::* cpe:2.3:o:synology:bc500_firmware:::::::: cpe:2.3:o:synology:tc500_firmware::::::::
Vendors & Products		Synology Synology bc500 Synology bc500 Firmware Synology tc500 Synology tc500 Firmware

MITRE

Status: PUBLISHED

Assigner: synology

Published: 2024-06-04T09:34:06.934Z

Updated: 2024-08-01T21:11:12.729Z

Reserved: 2024-05-29T06:02:55.669Z

Link: CVE-2024-5463

Vulnrichment

Updated: 2024-08-01T21:11:12.729Z

NVD

Status : Analyzed

Published: 2024-06-04T10:15:12.747

Modified: 2025-04-07T13:44:20.843

Link: CVE-2024-5463

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5463", "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "state": "PUBLISHED", "assignerShortName": "synology", "dateReserved": "2024-05-29T06:02:55.669Z", "datePublished": "2024-06-04T09:34:06.934Z", "dateUpdated": "2024-08-01T21:11:12.729Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "cweId": "CWE-120", "type": "CWE"}]}], "affected": [{"vendor": "Synology", "product": "Camera Firmware", "versions": [{"version": "1.1", "status": "affected", "lessThan": "1.1.1-0383", "versionType": "semver"}, {"version": "1.0", "status": "affected", "lessThan": "1.1.1-0383", "versionType": "semver"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}}], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_07", "name": "Synology-SA-24:07 Synology Camera", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "Andrea Maugeri (https://www.linkedin.com/in/andreamaugeri)", "type": "finder"}], "providerMetadata": {"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology", "dateUpdated": "2024-06-04T09:34:06.934Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5463", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-04T14:54:00.373337Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:synology:bc500:*:*:*:*:*:*:*:*"], "vendor": "synology", "product": "bc500", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.1-0383", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:synology:tc500:*:*:*:*:*:*:*:*"], "vendor": "synology", "product": "tc500", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.1-0383", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T18:02:05.229Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.729Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_07", "name": "Synology-SA-24:07 Synology Camera", "tags": ["vendor-advisory", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_07", "name": "Synology-SA-24:07 Synology Camera", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.729Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5463", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-04T14:54:00.373337Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:synology:bc500:*:*:*:*:*:*:*:*"], "vendor": "synology", "product": "bc500", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.1-0383", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:synology:tc500:*:*:*:*:*:*:*:*"], "vendor": "synology", "product": "tc500", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.1-0383", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T15:00:14.485Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Andrea Maugeri (https://www.linkedin.com/in/andreamaugeri)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Synology", "product": "Camera Firmware", "versions": [{"status": "affected", "version": "1.1", "lessThan": "1.1.1-0383", "versionType": "semver"}, {"status": "affected", "version": "1.0", "lessThan": "1.1.1-0383", "versionType": "semver"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_07", "name": "Synology-SA-24:07 Synology Camera", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology", "dateUpdated": "2024-06-04T09:34:06.934Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5463", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:11:12.729Z", "dateReserved": "2024-05-29T06:02:55.669Z", "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "datePublished": "2024-06-04T09:34:06.934Z", "assignerShortName": "synology"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C858D12-C0E1-4BB2-904D-F200B7AB4367", "versionEndExcluding": "1.1.1-0383", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FD618BD-29BD-4F43-9BEF-F73065247580", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3673C8C4-86CE-496E-8B58-C56AD79BAAB9", "versionEndExcluding": "1.1.1-0383", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*", "matchCriteriaId": "582C2C89-3351-4DC6-B40A-7E2E4CA6AFEA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad relacionada con la copia del b\u00fafer sin verificar el tama\u00f1o de la entrada (\"Classic Buffer Overflow\") en el componente de inicio de sesi\u00f3n. Esto permite a atacantes remotos realizar ataques de denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados. Este ataque s\u00f3lo afecta al servicio de inicio de sesi\u00f3n que se reiniciar\u00e1 autom\u00e1ticamente. Los siguientes modelos con versiones de Synology Camera Firmware anteriores a 1.1.1-0383 pueden verse afectados: BC500 y TC500."}], "id": "CVE-2024-5463", "lastModified": "2025-04-07T13:44:20.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@synology.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-04T10:15:12.747", "references": [{"source": "security@synology.com", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_07"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "security@synology.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}