PT-2024-28465 · Synology · Synology Camera Firmware

Published: 2024-06-28 · Updated: 2024-07-11 · CVE-2024-39350

CVSS v3.1: 7.5 High

Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Synology Camera Firmware versions prior to 1.0.7-0298

Description

A vulnerability in the RTSP functionality allows man-in-the-middle attackers to bypass authentication and obtain privileges without consent via unspecified vectors. This issue may be related to improper compartmentalization, potentially leading to local privilege escalation.

Recommendations

For versions prior to 1.0.7-0298, update to version 1.0.7-0298 or later to resolve the issue. As a temporary workaround, consider restricting access to the RTSP functionality until a patch is applied.

Fix

Weakness Enumeration

Authentication Bypass by Spoofing

Related Identifiers

CVE-2024-39350
ZDI-24-834

Affected Products

Synology Camera Firmware