How severe is CVE-2020-27658?

CVE-2020-27658 has a CVSS v3 score of 7.1 (HIGH).

CVE-2020-27658

Name: router_manager
Author: synology

7.1HIGH

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensi

Publicado: 10/29/2020Actualizado: 11/21/2024

Descripción

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Análisis IAImpulsado por IA

Productos Afectados

synologyrouter_manager

Referencias

https://www.synology.com/security/advisory/Synology_SA_20_14
Vendor Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086
ExploitThird Party Advisory
https://www.synology.com/security/advisory/Synology_SA_20_14
Vendor Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086
ExploitThird Party Advisory