CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27658

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.7%

CVSS Severity

CVSS v3 Score 7.1

CVSS v2 Score 4.3

References

Products affected by CVE-2020-27658

Synology » Router Manager » Version: 1.2

cpe:2.3:a:synology:router_manager:1.2
Synology » Router Manager » Version: 1.2-7742

cpe:2.3:a:synology:router_manager:1.2-7742
Synology » Router Manager » Version: 1.2-7742-1

cpe:2.3:a:synology:router_manager:1.2-7742-1
Synology » Router Manager » Version: 1.2-7742-2

cpe:2.3:a:synology:router_manager:1.2-7742-2
Synology » Router Manager » Version: 1.2-7742-3

cpe:2.3:a:synology:router_manager:1.2-7742-3
Synology » Router Manager » Version: 1.2-7742-4

cpe:2.3:a:synology:router_manager:1.2-7742-4
Synology » Router Manager » Version: 1.2-7742-5

cpe:2.3:a:synology:router_manager:1.2-7742-5
Synology » Router Manager » Version: 1.2.1-7779

cpe:2.3:a:synology:router_manager:1.2.1-7779
Synology » Router Manager » Version: 1.2.1-7779-1

cpe:2.3:a:synology:router_manager:1.2.1-7779-1
Synology » Router Manager » Version: 1.2.2-7915

cpe:2.3:a:synology:router_manager:1.2.2-7915
Synology » Router Manager » Version: 1.2.3-8017-2

cpe:2.3:a:synology:router_manager:1.2.3-8017-2
Synology » Router Manager » Version: 1.2.3-8087

cpe:2.3:a:synology:router_manager:1.2.3-8087

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27658

Products

Pricing

Contact Us