CVE-2020-27660

Name of the Vulnerable Software and Affected Versions Synology SafeAccess versions prior to 1.2.3-0234

Description The issue allows remote attackers to execute arbitrary SQL commands via the domain parameter in request.cgi. This enables attackers to manipulate database queries, potentially leading to unauthorized data access or modification.

Recommendations For Synology SafeAccess versions prior to 1.2.3-0234, update to version 1.2.3-0234 or later to resolve the issue. As a temporary workaround, consider restricting access to the request.cgi module to minimize the risk of exploitation. Avoid using the domain parameter in the affected API endpoint until the issue is resolved.