CVE-2023-5746

9.8 CRITICAL

📋 TL;DR

A format string vulnerability in Synology camera firmware allows remote attackers to execute arbitrary code by controlling format string inputs. This affects Synology BC500 and TC500 camera models running firmware versions before 1.0.5-0185.

💻 Affected Systems

Products:
  • Synology BC500
  • Synology TC500
Versions: Firmware versions before 1.0.5-0185
Operating Systems: Synology Camera Firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific Synology camera models with vulnerable firmware versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote unauthenticated attackers gain full system control, potentially compromising the camera system and network access.

🟠 Likely Case

Remote code execution leading to camera compromise, surveillance disruption, or lateral movement into connected networks.

🟢 If Mitigated

If the camera is properly segmented and patched, impact is limited to the isolated camera system with no network access.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication.
🏢 Internal Only: HIGH - Network-accessible cameras vulnerable to internal attackers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Format string vulnerabilities typically have low exploitation complexity once the vector is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.5-0185 or later

Vendor Advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_23_11

Restart Required: Yes

Instructions:

1. Log into Synology Surveillance Station.
2. Navigate to Surveillance Station > Camera > Camera List.
3. Select affected camera.
4. Click Edit > Firmware Update.
5. Update to version 1.0.5-0185 or later.
6. Restart camera.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate cameras on separate VLAN with no internet access.

Access Control

all

Restrict network access to camera management interfaces using firewall rules.

🧯 If You Can't Patch

  • Disable remote access to camera management interfaces
  • Implement strict network segmentation and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

In Surveillance Station > Camera > Camera List, select the camera and check its firmware version. Versions before 1.0.5-0185 are vulnerable.

Check Version:

No CLI command - check via Surveillance Station web interface.

Verify Fix Applied:

Confirm firmware version is 1.0.5-0185 or later in camera settings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CGI requests to camera
  • Format string patterns in HTTP requests
  • Unexpected process execution

Network Indicators:

  • Unusual HTTP requests to camera CGI endpoints
  • Suspicious payloads containing format string specifiers

SIEM Query:

source="camera_logs" AND (http_uri="*.cgi" OR message="*%n*" OR message="*%x*" OR message="*%s*")
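
The log and network indicators above can also be checked offline against exported web access logs. The following is an added example, not code from Synology or from this advisory. It assumes a common access-log layout, uses a hypothetical endpoint name (`/cgi-bin/example.cgi`), and applies an assumed heuristic: flag a CGI request that carries `%n`, or two or more printf-style specifiers, after one URL-decoding pass. Only the request line is inspected, so POST bodies are not covered.

```python
import re
from urllib.parse import unquote, urlsplit

# printf-style conversions: optional positional arg (7$), flags, width,
# precision, length modifier, then one of the specifiers n/x/X/s/p.
FMT_SPEC = re.compile(r"%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|z)?[nxXsp]")
# Request line inside an access-log entry (the log layout is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/\d(?:\.\d)?"')


def format_specifiers(uri):
    """Return printf-style specifiers found in a URI after one URL-decoding pass."""
    # Decode first: raw "%20s" is an encoded space plus "s", not a "%s" conversion.
    decoded = unquote(uri)
    return [m.group(0) for m in FMT_SPEC.finditer(decoded)]


def is_suspicious(uri):
    """Flag CGI requests carrying %n, or two or more specifiers of any kind."""
    if not urlsplit(uri).path.lower().endswith(".cgi"):
        return False
    specs = format_specifiers(uri)
    return any(s.endswith("n") for s in specs) or len(specs) >= 2


def scan(lines):
    """Yield (source_ip, uri, specifiers) for each suspicious log line."""
    for line in lines:
        m = REQUEST.search(line)
        if m and is_suspicious(m.group(1)):
            yield line.split()[0], m.group(1), format_specifiers(m.group(1))


# Constructed sample lines; the IPs, paths and parameters are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2023:10:00:01 +0000] "GET /cgi-bin/example.cgi?name=front%20door HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Dec/2023:10:00:07 +0000] "GET /cgi-bin/example.cgi?name=%25x%25x%25x%25n HTTP/1.1" 500 0',
    '192.0.2.44 - - [01/Dec/2023:10:00:09 +0000] "GET /cgi-bin/example.cgi?name=%257$s.%2508x HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Dec/2023:10:00:12 +0000] "GET /index.html?q=100%25s HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, uri, specs in scan(SAMPLE_LOG):
        print(f"{ip} {uri} -> {specs}")
```

A single `%s` or `%x` is left unflagged to limit false positives from ordinary text; tighten or loosen the threshold to match the traffic your cameras normally see.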
