Lucene search
SynologyCVELIST:CVE-2020-27655HistoryOct 29, 2020 - 8:55 a.m.
CVE-2020-27655
2020-10-2908:55:22
CWE-269
synology
www.cve.org
5
improper access control
synology router manager
srm
remote attackers
restricted resources
inbound quickconnect traffic
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
AI Score
9.5
Confidence
High
EPSS
0.002
Percentile
51.7%
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
CNA Affected
[
{
"product": "Synology Router Manager (SRM)",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.2.4-8081",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
talos
talos
Synology SRM QuickConnect iptables network misconfiguration vulnerability
2020-10-29 00:00:00
prion
prion
Improper access control
2020-10-29 09:15:00
nvd
nvd
CVE-2020-27655
2020-10-29 09:15:13
cve
cve
CVE-2020-27655
2020-10-29 09:15:13
openvas
openvas
talosblog
talosblog
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
AI Score
9.5
Confidence
High
EPSS
0.002
Percentile
51.7%
Related for CVELIST:CVE-2020-27655