Improper Certificate Validation in Synology Router Manager Affects OpenVPN Client
CVE-2020-27649
8.3 HIGH
Key Information:
- Vendor: Synology
- CVE Published: 29 October 2020
What is CVE-2020-27649?
The OpenVPN client in Synology Router Manager (SRM) is affected by an improper certificate validation vulnerability. Because the client does not properly verify certificates, a man-in-the-middle attacker can present a specially crafted certificate and spoof a legitimate server. The attacker can then intercept sensitive information transmitted between clients and the server, potentially leading to data leaks and compromised security protocols.
Affected Version(s)
Synology Router Manager (SRM) < 1.2.4-8081