CVE-2024-39352

MEDIUM Year: 2024
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

Related Vulnerabilities

CVE-2017-6816

MEDIUM
CVSS:4.9(Medium)

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

CWE-8632017

CVE-2020-15120

MEDIUM
CVSS:4.9(Medium)

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be fur...

CWE-8632020

CVE-2020-26028

MEDIUM
CVSS:4.9(Medium)

An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.

CWE-8632020

CVE-2021-22186

MEDIUM
CVSS:4.9(Medium)

An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners

CWE-8632021

CVE-2021-22535

MEDIUM
CVSS:4.9(Medium)

Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could ...

CWE-8632021

CVE-2021-29158

MEDIUM
CVSS:4.9(Medium)

Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.

CWE-8632021