34 matches found
EUVD-2020-20159
Malware in sbrugna...
Synology DiskStation Manager Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-26566)
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. This plugin only works with Tenable.ot. Please visit...
Lantronix PremierWave 2050 Web Manager Wireless Network Scanner OS command injection vulnerability
Summary: An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability
Summary: An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers. An attacker can impersonate the remote QuickConnect servers in order to impersonate the remote device and in turn steal the device’s credentials. An attacker...
Synology DiskStation Manager Sensitive Information Insertion Send Data Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A data vulnerability exists in synorelayd in Synology DiskStation Manager...
CVE-2021-26566
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic...
CVE-2021-26566
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic...
CVE-2021-26566
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic...
PT-2021-17044 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.3-25426-3 Description: The issue allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic due to the insertion of sensitive information into sent...
Synology DiskStation Manager Information Disclosure Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A data vulnerability exists in synorelayd in Synology DiskStation Manager...
Vulnerability Spotlight: Multiple vulnerabilities in Synology SRM (Synology Router Manager)
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Claudio Bozzato and Jon Munshaw. Cisco Talos recently discovered multiple remote vulnerabilities in software that helps power Synology routers. The bugs exist in Synology Router Manager SRM — a Linux-based operating system f...
Synology DiskStation Manager Algorithm Downgrade Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A security vulnerability exists in Synology DiskStation Manager DSM versions...
Synology Router Manager Algorithm Downgrade Vulnerability
Synology Router Manager SRM is software for configuring and managing Synology routers from Synology Inc. of Taiwan, China. A security vulnerability exists in Synology Router Manager SRM versions prior to 1.2.4-8081, which originates from QuickConnect, and can be exploited by an attacker to spoo...
CVE-2020-27655
Improper access control vulnerability in Synology Router Manager SRM before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic...
CVE-2020-27652
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...
CVE-2020-27655
Improper access control vulnerability in Synology Router Manager SRM before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic...
CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...
CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...
CVE-2020-27652
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...
Design/Logic Flaw
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...