CVE-2020-27657Cleartext Transmission of Sensitive Info in Synology Router Manager

CWE-319Cleartext Transmission of Sensitive Info3 documents3 sources
Severity
5.9MEDIUMNVD
CNA6.5
EPSS
0.1%
top 73.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Router ManagerSynology Router Manager
Timeline
PublishedOct 29
Latest updateMay 24

Description

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDsynology/router_manager1.21.2.4-8081
CVEListV5synology/synology_router_managerunspecified1.2.4-8081

🔴Vulnerability Details

2
GHSA
GHSA-24jw-4h76-4686: Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 12022-05-24
CVEList
CVE-2020-27657: Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 12020-10-29
CVE-2020-27657 — Synology Router Manager vulnerability | cvebase