35 matches found
Design/Logic Flaw
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...
Improper access control
Improper access control vulnerability in Synology Router Manager SRM before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic...
Design/Logic Flaw
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...
CVE-2020-27655
Improper access control vulnerability in Synology Router Manager SRM before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic...
CVE-2020-27655
CVE-2020-27655 is an improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081, where inbound QuickConnect traffic can reach restricted resources. Talos documents a QuickConnect iptables misconfiguration in SRM that allows packets from the QuickConnect VPN (tun1000)...
CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...
CVE-2020-27653
CVE-2020-27653 affects Synology SRM (SRM 1.2.x) via QuickConnect. Talos documents an information-disclosure/mitm scenario where an attacker downgrades the VPN/HTTPS channel from HTTPS to HTTP, enabling interception of web traffic and session cookies. Affected versions include SRM 1.2.3 RT2600ac a...
PT-2020-16749 · Synology · Synology Router Manager
Name of the Vulnerable Software and Affected Versions: Synology Router Manager SRM versions prior to 1.2.4-8081 Description: The issue is related to improper access control, allowing remote attackers to access restricted resources via inbound QuickConnect traffic. This can be exploited by attacke...
PT-2020-4927 · Synology · Synology Router Manager
Name of the Vulnerable Software and Affected Versions: Synology Router Manager SRM versions prior to 1.2.4-8081 Description: The issue concerns a problem with the QuickConnect feature in Synology Router Manager, which allows for a man-in-the-middle attack. This could enable an attacker to spoof...
PT-2020-16748 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.3-25426-2 Description: The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. This is due to an algorithm downgrade...
Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1061 Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27653 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect HTTP connection functionality of Synology SRM...
Synology SRM QuickConnect iptables network misconfiguration vulnerability
Summary An exploitable network misconfiguration vulnerability exists in the QuickConnect iptables functionality of Synology SRM 1.2.3 RT2600ac 8017-5. Packets originating from the QuickConnect VPN interface are not filtered, resulting in unrestricted communication with any network service running...
Synology QuickConnect servers network misconfiguration vulnerability
Summary An exploitable network misconfiguration vulnerability exists in the VPN servers of Synology QuickConnect. The server does not enforce proper subnetting, allowing an attacker to reach any device connected to the VPN. To abuse this vulnerability, the attacker needs to change their subnet...
Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1060 Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability October 29, 2020 CVE Number None SUMMARY An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers...
Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1059 Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27651 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality of...