CVE-2020-27658
https://notcve.org/view.php?id=CVE-2020-27658
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
References: https://www.synology.com/security/advisory/Synology_SA_20_14 ; https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086
Weaknesses: CWE-732: Incorrect Permission Assignment for Critical Resource ; CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
CVE-2020-27657
https://notcve.org/view.php?id=CVE-2020-27657
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop on DNSExit authentication information via unspecified vectors.
References: https://www.synology.com/security/advisory/Synology_SA_20_14 ; https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1071
Weaknesses: CWE-319: Cleartext Transmission of Sensitive Information
CVE-2020-27655
https://notcve.org/view.php?id=CVE-2020-27655
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
References: https://www.synology.com/security/advisory/Synology_SA_20_14 ; https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1066
Weaknesses: CWE-269: Improper Privilege Management
CVE-2020-27654
https://notcve.org/view.php?id=CVE-2020-27654
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
References: https://www.synology.com/security/advisory/Synology_SA_20_14 ; https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1064 ; https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065
Weaknesses: CWE-269: Improper Privilege Management
CVE-2020-27653
https://notcve.org/view.php?id=CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
References: https://www.synology.com/security/advisory/Synology_SA_20_14 ; https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061
Weaknesses: CWE-327: Use of a Broken or Risky Cryptographic Algorithm