CVE-2018-13283

Name of the Vulnerable Software and Affected Versions Synology SSL VPN Client versions prior to 1.2.5-0226

Description The issue is related to a lack of administrator control over security vulnerabilities in the client.cgi component. This allows remote attackers to conduct man-in-the-middle attacks by manipulating the command, hostname, or port parameters.

Recommendations For versions prior to 1.2.5-0226, update to version 1.2.5-0226 or later to resolve the issue. As a temporary workaround, consider restricting access to the client.cgi component to minimize the risk of exploitation. Avoid using the command, hostname, or port parameters in the affected API endpoint until the issue is resolved.