What is CVE-2020-27651?

CVE-2020-27651 is a medium-severity vulnerability in Synology Router Manager (Srm), classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 5.8/10. Published 2020-10-29.

How severe is CVE-2020-27651?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Vulnerability in Synology Router Manager (Srm)

CVE-2020-27651

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP sess…

EPSS: 0.003 (55.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L.

Affected products

Synology Router Manager (Srm) — versions unspecified

Weakness classification (CWE)

CWE-614 — Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

References

www.synology.com/security/advisory/Synology_SA_20_14 (x_refsource_CONFIRM)
www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-27651?: CVE-2020-27651 is a medium-severity vulnerability in Synology Router Manager (Srm), classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 5.8/10. Published 2020-10-29.
How severe is CVE-2020-27651?: Medium severity. CVSS v3 base score is 5.8 out of 10.