Synergy A Firmware
CVE-2023-37220
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Synel Terminals - CWE-494: Download of Code Without Integrity Check
AnalysisAI
Synel Terminals - CWE-494: Download of Code Without Integrity Check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-494. Synel Terminals - CWE-494: Download of Code Without Integrity Check Affected products include: Synel Synergy\/A Firmware, Synel Synergy Touch Firmware, Synel Synergy 10 Firmware, Synel Synergy 5 Firmware, Synel Sy-910 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Synergy A Firmware
View allSynel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection'. Rated critical severity (CVSS 9.8), this vulnerabi
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials. Rated critical severity (CVSS 9.8), this v
Same weakness CWE-494 – Download of Code Without Integrity Check
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today