CVE-2020-27651 MEDIUM

Vendor Synology
Product Synology Router Manager (SRM)
Weakness CWE-614 · Cookie without Secure flag
Published October 29, 2020
Last update September 16, 2024

CVSS base score

5.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

Key dates

02 Disclosure timeline

October 29, 2020 CVE published
September 16, 2024 Record updated