PT-2024-28464 · Synology · Synology Camera Firmware

Published: 2024-06-28 · Updated: 2025-03-04 · CVE-2024-39349

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Synology Camera Firmware versions prior to 1.0.7-0298

Description

A buffer copy issue without size checking, known as a 'Classic Buffer Overflow', exists in the libjansson component of the Synology Camera Firmware. This issue allows remote attackers to execute arbitrary code via unspecified vectors. The affected models include BC500 and TC500.

Recommendations

For Synology Camera Firmware versions prior to 1.0.7-0298, update to version 1.0.7-0298 or later to resolve the issue. As a temporary workaround, consider restricting access to the synocam param.cgi endpoint until the update is applied.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-39349
ZDI-24-833

Affected Products

Synology Camera Firmware