What is CVE-2020-27658?

CVE-2020-27658 is a vulnerability in Synology Router Manager (SRM) that allows remote attackers to obtain potentially sensitive information via script access to the session cookie.

How does CVE-2020-27658 affect Synology Router Manager?

CVE-2020-27658 affects Synology Router Manager versions before 1.2.4-8081 by not including the HTTPOnly flag in the Set-Cookie header for the session cookie.

What is the severity of CVE-2020-27658?

CVE-2020-27658 has a severity rating of high with a CVSS score of 6.1.

How can remote attackers exploit CVE-2020-27658?

Remote attackers can exploit CVE-2020-27658 by using script access to the session cookie, which allows them to obtain potentially sensitive information.

Are there any references for more information about CVE-2020-27658?

Yes, you can find more information about CVE-2020-27658 at the following references: [Synology Security Advisory](https://www.synology.com/security/advisory/Synology_SA_20_14), [TALOS Intelligence](https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086).

Vulnerability/
CVE-2020-27658

high

7.1

CWE

732 1004

29/10/2020

4/8/2024

CVE-2020-27658

First published: Thu Oct 29 2020(Updated: )

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Credit: security@synology.com

Affected Software	Affected Version	How to fix
Synology Router Manager	>=1.2<1.2.4-8081

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-27658?
CVE-2020-27658 is a vulnerability in Synology Router Manager (SRM) that allows remote attackers to obtain potentially sensitive information via script access to the session cookie.
How does CVE-2020-27658 affect Synology Router Manager?
CVE-2020-27658 affects Synology Router Manager versions before 1.2.4-8081 by not including the HTTPOnly flag in the Set-Cookie header for the session cookie.
What is the severity of CVE-2020-27658?
CVE-2020-27658 has a severity rating of high with a CVSS score of 6.1.
How can remote attackers exploit CVE-2020-27658?
Remote attackers can exploit CVE-2020-27658 by using script access to the session cookie, which allows them to obtain potentially sensitive information.
Are there any references for more information about CVE-2020-27658?
Yes, you can find more information about CVE-2020-27658 at the following references: [Synology Security Advisory](https://www.synology.com/security/advisory/Synology_SA_20_14), [TALOS Intelligence](https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086).

agent/references
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/synology
canonical/synology router manager
version/synology router manager/1.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.