PT-2023-32300 · Synology · Synology Camera Firmware

Chumen77 +1 · Published 2023-10-24 · Updated 2023-11-02 · CVE-2023-5746

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Synology Camera Firmware versions prior to 1.0.5-0185

Description
A vulnerability regarding the use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The affected models include BC500 and TC500.

Recommendations
For Synology Camera Firmware versions prior to 1.0.5-0185, update to version 1.0.5-0185 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi component until a patch is applied.

Fix

Use of Externally-Controlled Format String

Weakness Enumeration

Related Identifiers: CVE-2023-5746

Affected Products: Synology Camera Firmware