CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27655
https://notcve.org/view.php?id=CVE-2020-27655
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. Una vulnerabilidad de control de acceso inapropiado en Synology Router Manager (SRM) versiones anteriores a 1.2.4-8081, permite a atacantes remotos acceder a recursos restringidos por medio del tráfico de QuickConnect entrante • https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1066 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2020-27654
https://notcve.org/view.php?id=CVE-2020-27654
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. Una vulnerabilidad de control de acceso inapropiado en lbd en Synology Router Manager (SRM) versiones anteriores a 1.2.4-8081, permite a atacantes remotos ejecutar comandos arbitrarios por medio del puerto (1) 7786/tcp o (2) 7787/tcp • https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1064 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065 • CWE-269: Improper Privilege Management •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-27653
https://notcve.org/view.php?id=CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. Una vulnerabilidad de degradación del algoritmo en QuickConnect en Synology Router Manager (SRM) versiones anteriores a 1.2.4-8081, permite a atacantes de tipo man-in-the-middle falsificar servidores y obtener información confidencial por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27651
https://notcve.org/view.php?id=CVE-2020-27651
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. Synology Router Manager (SRM) versiones anteriores a 1.2.4-8081, no establece el flag Secure para la cookie de sesión en una sesión HTTPS, lo que hace más fácil a atacantes remotos capturar esta cookie al interceptar su transmisión dentro de una sesión HTTP • https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059 • CWE-311: Missing Encryption of Sensitive Data CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27649
https://notcve.org/view.php?id=CVE-2020-27649
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Una vulnerabilidad de comprobación inapropiada del certificado en OpenVPN client en Synology Router Manager (SRM) versiones anteriores a 1.2.4-8081, permite a atacantes de tipo man-in-the-middle falsificar servidores y obtener información confidencial por medio de un certificado diseñado • https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058 • CWE-295: Improper Certificate Validation •