N/A

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Synology Camera Firmware 操作系统命令注入漏洞

Synology Camera Firmware是中国群晖科技（Synology）公司的一个网络摄像头的固件。 Synology Camera BC500 1.0.7-0298之前版本和TC500 1.0.7-0298之前版本存在操作系统命令注入漏洞，该漏洞源于存在操作系统命令注入，允许具有管理员权限的远程身份验证用户通过未指定的向量执行任意命令。

N/A

N/A