CVE-2020-27653 — Use of a Broken or Risky Cryptographic Algorithm in Synology Router Manager

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources

Severity

8.3HIGHNVD

EPSS

0.5%

top 33.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Router Manager Synology Router Manager Synology Diskstation Manager

Timeline

PublishedOct 29

Latest updateMay 24

Description

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.6 | Impact: 6.0

Affected Packages3 packages

▶NVDsynology/router_manager1.2 — 1.2.4-8081

▶CVEListV5synology/synology_router_managerunspecified — 1.2.4-8081

▶NVDsynology/diskstation_manager6.2.3_25426

🔴Vulnerability Details

GHSA

GHSA-8wh4-6822-h89q: Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1↗2022-05-24

▶

CVEList

CVE-2020-27653: Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1↗2020-10-29

▶