PT-2020-4936 · Synology · Synology Router Manager

Published: 2020-10-29 · Updated: 2020-11-09 · CVE-2020-27649

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Synology Router Manager (SRM) versions prior to 1.2.4-8081
Description: The issue stems from errors in the certificate authentication procedure of the OpenVPN client in Synology Router Manager (SRM). A remote attacker can exploit it to gain unauthorized access to the target device by sending specially crafted requests. Because the client does not properly validate the certificate presented by the server, a man-in-the-middle attacker can spoof the VPN server with a crafted certificate and obtain sensitive information from the connection.
Recommendations: For versions prior to 1.2.4-8081, update to version 1.2.4-8081 or later to resolve the issue. As a temporary workaround, consider restricting use of the OpenVPN client until the patch is applied, and avoid using it to transmit sensitive information until the issue is resolved.
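For readers auditing an OpenVPN client profile for the class of weakness described above (improper validation of the server certificate), the following is an added illustration of what strict server-certificate checking looks like on the client side. It is a generic OpenVPN client configuration written for this page, not Synology's or SRM's configuration, and the advisory does not state which of these checks was missing in SRM; the host name, file paths, and key file are assumptions.

```conf
# Added example (not from the advisory or from Synology): a generic OpenVPN
# client profile showing the directives that make server certificate
# validation strict. Server name and file paths are assumed placeholders.
client
dev tun
proto udp
remote vpn.example.net 1194
nobind
persist-key
persist-tun

# 1. Trust anchor: only certificates chaining to this CA are accepted.
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key  /etc/openvpn/client.key

# 2. Require the peer to present a *server* certificate (Extended Key Usage
#    "TLS Web Server Authentication"). Without this, any client certificate
#    issued by the same CA could be presented by an impersonating peer.
remote-cert-tls server

# 3. Pin the expected subject so a different, otherwise valid certificate
#    from the same CA cannot be substituted for the real server.
verify-x509-name "vpn.example.net" name

# 4. Authenticate control-channel packets before the TLS handshake and
#    refuse legacy TLS versions.
tls-auth /etc/openvpn/ta.key 1
tls-version-min 1.2
```

When reviewing a client profile, the condition to look for is the absence of the checks in sections 1 to 3: a profile that carries only `ca` with neither `remote-cert-tls server` nor `verify-x509-name` will accept any certificate the CA has issued, and a profile without a trusted `ca` at all accepts any certificate whatsoever. The deprecated `ns-cert-type` directive should be replaced by `remote-cert-tls` where it is still found.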

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

BDU:2020-05511
CVE-2020-27649

Affected Products

OpenVPN
Synology Router Manager