CVE-2023-47803
📋 TL;DR
A path traversal vulnerability in Synology Camera firmware allows remote attackers to read specific non-sensitive files via the Language Settings functionality. This affects BC500 and TC500 camera models running firmware versions before 1.0.7-0298. Attackers can exploit this to access files outside the intended directory structure.
💻 Affected Systems
- Synology BC500
- Synology TC500
📦 What is this software?
The BC500 (bullet) and TC500 (turret) are Synology's own IP cameras. They run Synology camera firmware and are designed to be managed, monitored and updated through Surveillance Station on a Synology NAS, which is also where the firmware update for this issue is applied.
⚠️ Risk & Real-World Impact
Worst Case
The CVE wording limits the read to "specific non-sensitive files", so the realistic worst case is an attacker using the traversal to read files outside the language-settings directory and collecting device details (firmware build, configuration layout, locale data) that help aim a follow-on attack against the camera or the network it sits on. Credential disclosure or code execution is not indicated by the advisory.
Likely Case
Attackers read specific non-sensitive files from the camera system, potentially gathering information about the device configuration or environment.
If Mitigated
If proper network segmentation and access controls are in place, the impact is limited to reading a few non-sensitive files with no system compromise.
🎯 Exploit Status
This page does not reference a public exploit. The CVE wording ("remote attackers") does not by itself state whether authentication is required, so do not assume the camera's login screen protects the vulnerable handler. Path traversal in a file-serving endpoint is normally low-complexity to exploit once the endpoint is reachable (a single crafted HTTP request), so treat any camera whose management interface is reachable from untrusted networks as exploitable until it is updated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.7-0298
Vendor Advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_23_15
Restart Required: Yes
Instructions:
1. Log into Synology Surveillance Station.
2. Navigate to Surveillance Station > Camera > Camera List.
3. Select the affected BC500 or TC500 cameras.
4. Click 'Update Firmware' and follow the prompts to install version 1.0.7-0298 or later.
5. Cameras restart automatically after the update completes.
🔧 Temporary Workarounds
Network Segmentation
Isolate cameras on a dedicated VLAN or network segment so that only the Surveillance Station host can reach them, limiting who can send requests to the camera's web interface at all
Access Control Lists
Implement firewall rules that restrict access to the camera management interface to the Surveillance Station server and known administrator workstations; deny everything else, including traffic from the general user LAN
🧯 If You Can't Patch
- Segment the camera network from critical systems using VLANs or physical separation
- Implement strict firewall rules that allow only necessary traffic (Surveillance Station to camera, and administrator access) to the camera management interfaces
- Confirm no camera web interface is exposed to the internet, directly or via router port forwarding or UPnP; a camera that can only be reached from the camera VLAN cannot be hit by an opportunistic remote attacker
🔍 How to Verify
Check if Vulnerable:
Check camera firmware version in Surveillance Station > Camera > Camera List > select camera > check firmware version
Check Version:
No CLI command available - check via Synology Surveillance Station web interface
Verify Fix Applied:
Verify firmware version shows 1.0.7-0298 or higher in camera properties
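The version check above is done by eye in the Surveillance Station UI, which does not scale to a fleet and invites mistakes such as comparing "1.0.7-0298" against "1.0.10-0300" as strings. The following added example (not code from Synology or from this advisory) parses the firmware version string into numeric parts and reports which cameras of an affected model are still below 1.0.7-0298. The inventory rows, camera names and older version numbers are constructed for illustration; treating a version with no build suffix as build 0 is an assumption that errs toward reporting a camera as vulnerable.

```python
import re

# Fixed version from the advisory; anything older on an affected model is vulnerable.
FIXED_VERSION = "1.0.7-0298"
AFFECTED_MODELS = {"BC500", "TC500"}

# Synology camera firmware strings look like "1.0.7-0298": a dotted release
# followed by a zero-padded build number after the hyphen.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$")


def parse_version(version: str):
    """Turn '1.0.7-0298' into (1, 0, 7, 298) so that tuples compare numerically.
    A missing build number is treated as 0 (assumption), which errs on the side
    of reporting the camera as vulnerable rather than silently passing it."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build) if build else 0)


def is_vulnerable(version: str) -> bool:
    """True when the firmware is older than the fixed version."""
    return parse_version(version) < parse_version(FIXED_VERSION)


# Constructed inventory: (camera name, model, firmware version as shown in
# Surveillance Station). Names and version numbers are made up for illustration.
SAMPLE_INVENTORY = [
    ("lobby-cam", "BC500", "1.0.6-0291"),
    ("dock-cam", "TC500", "1.0.7-0298"),
    ("yard-cam", "BC500", "1.0.7-0300"),
    ("gate-cam", "OtherVendor", "1.0.1-0001"),  # not an affected model, skipped
]


def cameras_needing_update(inventory):
    """Names of affected-model cameras that are still below the fixed version."""
    return [
        name for name, model, version in inventory
        if model in AFFECTED_MODELS and is_vulnerable(version)
    ]


if __name__ == "__main__":
    print(cameras_needing_update(SAMPLE_INVENTORY))
```

Feed it the model and firmware columns exported from the Camera List (or typed in from the UI) and anything it returns is a camera that still needs the 1.0.7-0298 update.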
📡 Detection & Monitoring
Log Indicators:
- Requests to the language-settings handler whose parameters contain traversal sequences (../, ..\, or percent-encoded forms such as %2e%2e%2f and double-encoded %252e%252e%252f)
- Repeated 4xx responses to such requests from one source, followed by a 200 with a non-trivial response size (probing for readable paths, then a successful read)
- Access to the language settings functionality from hosts that are not the Surveillance Station server or known administrator workstations
Network Indicators:
- HTTP requests to the camera management interface carrying directory traversal patterns in plain or encoded form
- Unusual traffic to the camera language settings endpoints, in particular from scanner User-Agents or from outside the camera VLAN
SIEM Query:
Field names depend on how camera or reverse-proxy logs are ingested, so the Splunk-style query below is a template to adapt. It only works if the camera's HTTP traffic is logged at all; where the camera does not expose access logs, capture at a reverse proxy or at the VLAN boundary.
source="camera_logs" AND (event="file_access" OR event="language_settings") AND (path="*../*" OR path="*..%2f*" OR path="*%2e%2e*" OR user_agent="*scanner*" OR user_agent="*nikto*")
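A wildcard match on "../" misses the encoded variants that scanners send, so the practical detection step is to percent-decode the request target (more than once, to catch double encoding) before looking for traversal. The following is an added example, not code from Synology or from this advisory: it runs that logic over a handful of constructed access-log lines in Common Log Format and tallies traversal attempts per source. The endpoint name /cgi-bin/lang.cgi is an assumption standing in for the camera's language-settings handler, whose real path the advisory does not give; the IPs, timestamps and User-Agents are likewise made up.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format). Illustrative only:
# /cgi-bin/lang.cgi is an assumed name for the language-settings handler.
SAMPLE_LOG_LINES = [
    '10.0.5.21 - - [13/Nov/2023:10:01:02 +0000] "GET /cgi-bin/lang.cgi?lang=en HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.5.99 - - [13/Nov/2023:10:01:05 +0000] "GET /cgi-bin/lang.cgi?lang=../../../../etc/passwd HTTP/1.1" 200 1203 "-" "curl/8.4.0"',
    '10.0.5.99 - - [13/Nov/2023:10:01:06 +0000] "GET /cgi-bin/lang.cgi?lang=..%2f..%2f..%2fetc%2fhosts HTTP/1.1" 200 240 "-" "curl/8.4.0"',
    '10.0.5.99 - - [13/Nov/2023:10:01:07 +0000] "GET /cgi-bin/lang.cgi?lang=%252e%252e%252fetc%252fshadow HTTP/1.1" 404 0 "-" "python-requests/2.31"',
    '10.0.5.21 - - [13/Nov/2023:10:02:00 +0000] "GET /static/img/logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '10.0.5.77 - - [13/Nov/2023:10:03:00 +0000] "GET /cgi-bin/lang.cgi?lang=....//....//etc/passwd HTTP/1.1" 200 1203 "-" "Nikto/2.5.0"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Applied to the normalised target, so plain, percent-encoded, double-encoded
# and backslash variants all reduce to this one pattern. "....//" also matches
# because it still contains "../" after the first two dots.
TRAVERSAL_RE = re.compile(r'\.\./')

SCANNER_UA_MARKERS = ('nikto', 'nmap', 'sqlmap', 'gobuster', 'dirbuster', 'scanner')


def normalize_target(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded, so a hostile
    input cannot loop forever) and fold backslashes to forward slashes."""
    current = raw
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace('\\', '/')


def has_traversal(target: str) -> bool:
    return TRAVERSAL_RE.search(normalize_target(target)) is not None


def parse_line(line: str):
    """Return the fields of one CLF line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    return rec


def scan(lines):
    """One finding per request whose target contains a traversal sequence after
    normalisation, or whose User-Agent looks like a scanner."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        traversal = has_traversal(rec['target'])
        scanner = any(marker in rec['ua'].lower() for marker in SCANNER_UA_MARKERS)
        if traversal or scanner:
            findings.append({
                'ip': rec['ip'],
                'status': rec['status'],
                'target': rec['target'],
                'normalized': normalize_target(rec['target']),
                'traversal': traversal,
                'scanner_ua': scanner,
            })
    return findings


def repeat_offenders(findings, threshold: int = 2):
    """Source IPs with at least `threshold` traversal attempts. A run of 4xx
    followed by a 200 from one source is the sequence to chase first."""
    counts = Counter(f['ip'] for f in findings if f['traversal'])
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == '__main__':
    results = scan(SAMPLE_LOG_LINES)
    for f in results:
        print(f"{f['ip']} {f['status']} {f['normalized']}")
    print('repeat offenders:', repeat_offenders(results))
```

Point `scan()` at a reverse-proxy or packet-capture-derived access log for the camera VLAN; the `normalized` field in each finding shows what the request resolved to after decoding, and a 200 with a non-zero size on such a request is the line to treat as a confirmed read rather than a probe.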