Hacking Synology BC500: From UART to unauthenticated remote code execution (RCE)
Security researcher Emanuele Barbeno shared details last year about the security research he and his colleagues conducted on a web camera from Synology.
This presentation, published just last month, is quite interesting. As usual, the story begins with UART and firmware analysis and ends with a serious vulnerability.
The camera's root account was locked, but all cameras shared a default root password set to "12345" (!!!). Once researchers enabled the root account via their exploit, that predictable password let them log in over SSH/telnet.
More details:
Now I See You: Pwning The Synology BC500 Camera
[Youtube]: https://lnkd.in/dvyqGy5Z


