CVE-2020-27651

MEDIUM

Synology Router Manager <1.2.4-8081 - Info Disclosure

Title source: llm

Description

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

References (2)

[Vendor Advisory] https://www.synology.com/security/advisory/Synology_SA_20_14

[Exploit, Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059

Scores

CVSS v3 5.8

EPSS 0.0032

EPSS Percentile 55.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Details

CWE

CWE-614 CWE-311

Status published

Products (1)

synology/router_manager 1.2 - 1.2.4-8081

Published Oct 29, 2020

Tracked Since Feb 18, 2026