Vulnerability Details CVE-2020-27649
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.1%
CVSS Severity
CVSS v3 Score 8.3
CVSS v2 Score 6.8
References
Products affected by CVE-2020-27649
-
cpe:2.3:a:synology:router_manager:1.2
-
cpe:2.3:a:synology:router_manager:1.2-7742
-
cpe:2.3:a:synology:router_manager:1.2-7742-1
-
cpe:2.3:a:synology:router_manager:1.2-7742-2
-
cpe:2.3:a:synology:router_manager:1.2-7742-3
-
cpe:2.3:a:synology:router_manager:1.2-7742-4
-
cpe:2.3:a:synology:router_manager:1.2-7742-5
-
cpe:2.3:a:synology:router_manager:1.2.1-7779
-
cpe:2.3:a:synology:router_manager:1.2.1-7779-1
-
cpe:2.3:a:synology:router_manager:1.2.2-7915
-
cpe:2.3:a:synology:router_manager:1.2.3-8017-2
-
cpe:2.3:a:synology:router_manager:1.2.3-8087