Gao Juyang

**Name of the Vulnerable Software and Affected Versions** Synology Camera Firmware versions prior to 1.0.5-0185 **Description** A vulnerability regarding the use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The affected models include BC500 and TC500. **Recommendations** For Synology Camera Firmware versions prior to 1.0.5-0185, update to version 1.0.5-0185 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Synology SSL VPN Client versions prior to 1.4.7-0687 **Description** The issue is related to a buffer copy without checking the size of the input, which is a 'Classic Buffer Overflow' vulnerability in the cgi component. This allows local users to conduct denial-of-service attacks via unspecified vectors. **Recommendations** For versions prior to 1.4.7-0687, update to version 1.4.7-0687 or later to resolve the issue.