CVE-2020-27658
7.1 HIGH
Published: 10/29/2020
Updated: 11/21/2024
Description
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Affected Products
synology router_manager
References
- https://www.synology.com/security/advisory/Synology_SA_20_14 (Vendor Advisory)
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086 (Exploit, Third Party Advisory)