CVE-2020-27655 MEDIUM

CVE-2020-27655

Vendor Synology

Product Synology Router Manager (SRM)

Weakness CWE-269

Published October 29, 2020

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

Key dates

02Disclosure timeline

October 29, 2020 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-27655 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

Identifiers

CVE CVE-2020-27655

CWE CWE-269

CVSS 6.5 / MEDIUM

Affected versions