CVE-2020-27651

Name of the Vulnerable Software and Affected Versions: Synology Router Manager (SRM) versions prior to 1.2.4-8081

Description: The issue is related to the absence of the Secure flag in session cookies. This makes it easier for remote attackers to capture the session cookie by intercepting its transmission within an HTTP session, potentially allowing unauthorized access to the target device.

Recommendations: For versions prior to 1.2.4-8081, update to version 1.2.4-8081 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the Synology Router Manager to minimize the risk of exploitation.