Lucene search
K

35 matches found

Prion
Prion
added 2020/10/29 9:15 a.m.22 views

Design/Logic Flaw

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...

5.1CVSS7.7AI score0.00822EPSS
Exploits1References2Affected Software2
Prion
Prion
added 2020/10/29 9:15 a.m.23 views

Improper access control

Improper access control vulnerability in Synology Router Manager SRM before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic...

7.5CVSS9.3AI score0.01745EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2020/10/29 9:15 a.m.28 views

Design/Logic Flaw

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...

5.1CVSS7.7AI score0.00822EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2020/10/29 8:55 a.m.35 views

CVE-2020-27655

Improper access control vulnerability in Synology Router Manager SRM before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic...

6.5CVSS9.5AI score0.01745EPSS
Exploits1References2
CVE
CVE
added 2020/10/29 8:55 a.m.61 views

CVE-2020-27655

CVE-2020-27655 is an improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081, where inbound QuickConnect traffic can reach restricted resources. Talos documents a QuickConnect iptables misconfiguration in SRM that allows packets from the QuickConnect VPN (tun1000)...

10CVSS9.3AI score0.01745EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/10/29 8:55 a.m.37 views

CVE-2020-27653

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...

8.3CVSS7.9AI score0.00822EPSS
Exploits1References2
CVE
CVE
added 2020/10/29 8:55 a.m.82 views

CVE-2020-27653

CVE-2020-27653 affects Synology SRM (SRM 1.2.x) via QuickConnect. Talos documents an information-disclosure/mitm scenario where an attacker downgrades the VPN/HTTPS channel from HTTPS to HTTP, enabling interception of web traffic and session cookies. Affected versions include SRM 1.2.3 RT2600ac a...

8.3CVSS8.3AI score0.00822EPSS
Exploits1References2Affected Software2
Positive Technologies
Positive Technologies
added 2020/10/29 12:0 a.m.6 views

PT-2020-16749 · Synology · Synology Router Manager

Name of the Vulnerable Software and Affected Versions: Synology Router Manager SRM versions prior to 1.2.4-8081 Description: The issue is related to improper access control, allowing remote attackers to access restricted resources via inbound QuickConnect traffic. This can be exploited by attacke...

10CVSS9.4AI score0.01745EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2020/10/29 12:0 a.m.6 views

PT-2020-4927 · Synology · Synology Router Manager

Name of the Vulnerable Software and Affected Versions: Synology Router Manager SRM versions prior to 1.2.4-8081 Description: The issue concerns a problem with the QuickConnect feature in Synology Router Manager, which allows for a man-in-the-middle attack. This could enable an attacker to spoof...

8.3CVSS9.2AI score0.00822EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2020/10/29 12:0 a.m.5 views

PT-2020-16748 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.3-25426-2 Description: The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. This is due to an algorithm downgrade...

8.3CVSS9AI score0.00822EPSS
Exploits1References4
Talos
Talos
added 2020/10/29 12:0 a.m.109 views

Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2020-1061 Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27653 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect HTTP connection functionality of Synology SRM...

8.3CVSS7.7AI score0.00822EPSS
Exploits1
Talos
Talos
added 2020/10/29 12:0 a.m.87 views

Synology SRM QuickConnect iptables network misconfiguration vulnerability

Summary An exploitable network misconfiguration vulnerability exists in the QuickConnect iptables functionality of Synology SRM 1.2.3 RT2600ac 8017-5. Packets originating from the QuickConnect VPN interface are not filtered, resulting in unrestricted communication with any network service running...

10CVSS8.3AI score0.01745EPSS
Exploits1
Talos
Talos
added 2020/10/29 12:0 a.m.181 views

Synology QuickConnect servers network misconfiguration vulnerability

Summary An exploitable network misconfiguration vulnerability exists in the VPN servers of Synology QuickConnect. The server does not enforce proper subnetting, allowing an attacker to reach any device connected to the VPN. To abuse this vulnerability, the attacker needs to change their subnet...

7.9AI score
Exploits0
Talos
Talos
added 2020/10/29 12:0 a.m.108 views

Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2020-1060 Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability October 29, 2020 CVE Number None SUMMARY An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers...

6.9AI score
Exploits0
Talos
Talos
added 2020/10/29 12:0 a.m.41 views

Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2020-1059 Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27651 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality of...

8.1CVSS6.5AI score0.00762EPSS
Exploits1
Rows per page
Query Builder