First published: Thu Oct 29 2020(Updated: )
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Router Manager | >=1.2<1.2.4-8081 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2020-27649.
The title of this vulnerability is "Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081."
The severity of CVE-2020-27649 is critical.
The Synology Router Manager (SRM) software versions before 1.2.4-8081 are affected by CVE-2020-27649.
To fix CVE-2020-27649, users should update their Synology Router Manager (SRM) software to version 1.2.4-8081 or later.