{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-47802","assignerOrgId":"db201096-a0cc-46c7-9a55-61d9e221bf01","state":"PUBLISHED","assignerShortName":"synology","dateReserved":"2023-11-10T07:59:45.608Z","datePublished":"2024-06-28T06:01:58.733Z","dateUpdated":"2024-08-02T21:16:43.691Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78","type":"CWE"}]}],"affected":[{"vendor":"Synology","product":"Camera Firmware","versions":[{"version":"1.0","status":"affected","lessThan":"1.0.7-0298","versionType":"semver"}],"defaultStatus":"affected","platforms":["BC500","TC500"]}],"descriptions":[{"lang":"en","value":"A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500."}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","baseScore":7.2,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://www.synology.com/en-global/security/advisory/Synology_SA_23_15","name":"Synology-SA-23:15 Synology Camera (PWN2OWN 2023)","tags":["vendor-advisory"]}],"credits":[{"lang":"en","value":"Jaehoon Jang, Wonbeen Im, STEALIEN(https://stealien.com)","type":"finder"}],"providerMetadata":{"orgId":"db201096-a0cc-46c7-9a55-61d9e221bf01","shortName":"synology","dateUpdated":"2024-06-28T06:01:58.733Z"}},"adp":[{"affected":[{"vendor":"synology","product":"camera_firmware","cpes":["cpe:2.3:a:synology:camera_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.0","status":"affected","lessThan":"1.0.7-0298","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-28T19:15:52.993070Z","id":"CVE-2023-47802","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-30T17:25:07.479Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T21:16:43.691Z"},"title":"CVE Program Container","references":[{"url":"https://www.synology.com/en-global/security/advisory/Synology_SA_23_15","name":"Synology-SA-23:15 Synology Camera (PWN2OWN 2023)","tags":["vendor-advisory","x_transferred"]}]}]}}