CVE-2020-27651
https://notcve.org/view.php?id=CVE-2020-27651
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
• https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059
• CWE-311: Missing Encryption of Sensitive Data; CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CVE-2020-27649
https://notcve.org/view.php?id=CVE-2020-27649
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
• https://www.synology.com/security/advisory/Synology_SA_20_14 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058
• CWE-295: Improper Certificate Validation
CVE-2019-11823
https://notcve.org/view.php?id=CVE-2019-11823
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
• https://www.synology.com/security/advisory/Synology_SA_20_11 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1051
• CWE-125: Out-of-bounds Read
CVE-2019-9502 – Broadcom wl driver is vulnerable to heap buffer overflow
https://notcve.org/view.php?id=CVE-2019-9502
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst-case scenario, by sending specially crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
• https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html https://kb.cert.org/vuls/id/166939
• CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write
CVE-2019-9501 – Broadcom wl driver is vulnerable to heap buffer overflow
https://notcve.org/view.php?id=CVE-2019-9501
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst-case scenario, by sending specially crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
• https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html https://kb.cert.org/vuls/id/166939
• CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write