
Description

A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

PUBLISHED Reserved 2023-11-10 | Published 2024-06-28 | Updated 2024-08-02 | Assigner synology




MEDIUM: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
affected

1.0 before 1.0.7-0298
affected

Credits

Jaehoon Jang, Wonbeen Im, STEALIEN (https://stealien.com) finder

References

www.synology.com/...obal/security/advisory/Synology_SA_23_15 (Synology-SA-23:15 Synology Camera (PWN2OWN 2023)) vendor-advisory

cve.org (CVE-2023-47803)

nvd.nist.gov (CVE-2023-47803)
