CVE-2020-27658
7.1 HIGH
Published: 10/29/2020
Updated: 11/21/2024
Description
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Affected Products
synology router_manager
References
- https://www.synology.com/security/advisory/Synology_SA_20_14 (Vendor Advisory)
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086 (Exploit, Third Party Advisory)