PT-2020-4934 · Synology · Synology Router Manager

Claudio Bozzato

Published

2020-10-29

Updated

2022-11-16

CVE-2020-27654

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Synology Router Manager (SRM) versions prior to 1.2.4-8081

Description: The issue is related to improper access control in the lbd service of Synology Router Manager (SRM), allowing remote attackers to execute arbitrary commands. This can be done via ports 7786/tcp or 7787/tcp.

Recommendations: For versions prior to 1.2.4-8081, update to version 1.2.4-8081 or later to resolve the issue. As a temporary workaround, consider restricting access to ports 7786/tcp and 7787/tcp to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-269

Related Identifiers

BDU:2020-05509

CVE-2020-27654

Affected Products

Synology Router Manager

PT-2020-4934 · Synology · Synology Router Manager

CVE-2020-27654

Weakness Enumeration

Related Identifiers

Affected Products

References · 9