A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00572.

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Synology Subscribe
Bc500 Subscribe
Bc500 Firmware Subscribe
Cc400w Subscribe
Cc400w Firmware Subscribe
Tc500 Subscribe
Tc500 Firmware Subscribe

Configuration 1 [-]

AND
cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:synology:cc400w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:cc400w:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-54109 A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.synology.com/en-global/security/advisory/Synology_SA_24_24 cve-icon cve-icon
History

Fri, 16 Jan 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Synology
Synology bc500
Synology bc500 Firmware
Synology cc400w
Synology cc400w Firmware
Synology tc500
Synology tc500 Firmware
CPEs cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*
cpe:2.3:h:synology:cc400w:-:*:*:*:*:*:*:*
cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*
cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:synology:cc400w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*
Vendors & Products Synology
Synology bc500
Synology bc500 Firmware
Synology cc400w
Synology cc400w Firmware
Synology tc500
Synology tc500 Firmware

Wed, 19 Mar 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 19 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
Description A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500.
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: synology

Published:

Updated: 2025-03-19T14:04:50.829Z

Reserved: 2024-11-12T08:55:41.039Z

Link: CVE-2024-11131

cve-icon Vulnrichment

Updated: 2025-03-19T14:04:42.811Z

cve-icon NVD

Status : Analyzed

Published: 2025-03-19T03:15:12.850

Modified: 2026-01-16T15:40:16.353

Link: CVE-2024-11131

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses