Platform
linux
Component
lbd
Fixed in
1.2.4-8081
CVE-2020-27654 describes a critical improper access control vulnerability within the lbd component of Synology Router Manager (SRM). This flaw allows a remote attacker to execute arbitrary commands on affected systems, granting them significant control. The vulnerability impacts SRM versions prior to 1.2.4-8081, and a patch is available to address the issue.
The impact of CVE-2020-27654 is severe. Successful exploitation allows an attacker to execute arbitrary commands with the privileges of the lbd process, effectively granting them root access to the router. This could lead to complete system compromise, including data theft, modification of router configurations, and the installation of malware. The attacker could then leverage the compromised router as a pivot point to attack other devices on the network, expanding the blast radius significantly. This vulnerability shares similarities with other remote code execution flaws where attackers gain shell access to a device, enabling them to perform a wide range of malicious activities.
CVE-2020-27654 was publicly disclosed on October 29, 2020. While no active exploitation campaigns have been definitively confirmed, the vulnerability's critical severity and ease of exploitation make it a high-priority target. It is not currently listed on CISA KEV. Public proof-of-concept exploits are available, increasing the likelihood of exploitation.
Organizations and individuals using Synology Router Manager (SRM) are at risk, particularly those running versions prior to 1.2.4-8081. Small businesses and home users relying on SRM for network security are especially vulnerable due to potentially limited security expertise and slower patching cycles. Shared hosting environments utilizing SRM routers also pose a heightened risk.
• linux / server:
  journalctl -u lbd | grep -i "error"
• linux / server:
  ss -tulnp | grep -E '7786|7787'
• generic web:
  Use netstat -tulnp to check for listening processes on ports 7786 and 7787. Investigate any unexpected processes.
Disclosure
Exploit status
EPSS
3.05% (87th percentile)
CVSS vector
The primary mitigation for CVE-2020-27654 is to upgrade Synology Router Manager to version 1.2.4-8081 or later. If upgrading immediately is not feasible, consider temporarily disabling access to TCP ports 7786 and 7787 using firewall rules on the router or upstream network devices. While not a complete solution, this can reduce the attack surface. Monitor router logs for any suspicious activity related to these ports. Synology recommends reviewing their security advisory for further details and best practices. After upgrading, verify the fix by attempting to connect to ports 7786 and 7787; connections should be refused.
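The version check and the port check described above, combined into one POSIX shell helper. This is an added example, not Synology's tooling: the ss-style output is a constructed sample, and the version string would in practice be read from the SRM control panel or the device's own version file.

```sh
#!/bin/sh
# Fixed build from the advisory and the two TCP ports the lbd service uses.
FIXED_VERSION="1.2.4-8081"
LBD_PORTS="7786 7787"

# Compare two SRM versions of the form major.minor.patch-build.
# Prints -1, 0 or 1 (first < second, equal, first > second).
version_cmp() {
    printf '%s\n%s\n' "$1" "$2" | tr '-' '.' | awk -F. '
        NR == 1 { for (i = 1; i <= 4; i++) a[i] = $i + 0 }
        NR == 2 { for (i = 1; i <= 4; i++) b[i] = $i + 0 }
        END {
            for (i = 1; i <= 4; i++) {
                if (a[i] < b[i]) { print -1; exit }
                if (a[i] > b[i]) { print 1; exit }
            }
            print 0
        }'
}

# Succeeds (exit 0) when the given version already contains the fix.
srm_is_fixed() {
    [ "$(version_cmp "$1" "$FIXED_VERSION")" -ge 0 ]
}

# Given `ss -tulnp`-style output, print each lbd port found in LISTEN state.
# Field 2 is the socket state, field 5 the local address:port.
listening_lbd_ports() {
    printf '%s\n' "$1" | awk -v ports="$LBD_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $2 == "LISTEN" { sub(/.*:/, "", $5); if ($5 in want) print $5 }'
}

# Constructed sample: one lbd listener on 7786 plus an unrelated sshd socket.
SAMPLE_SS='tcp   LISTEN 0  128  0.0.0.0:7786  0.0.0.0:*  users:(("lbd",pid=1234,fd=5))
tcp   LISTEN 0  128  0.0.0.0:22    0.0.0.0:*  users:(("sshd",pid=99,fd=3))'

# Stand-alone demo: an assumed pre-fix version and the sample socket table.
if srm_is_fixed "1.2.4-8080"; then
    echo "SRM version is at or above $FIXED_VERSION"
else
    echo "SRM version is below $FIXED_VERSION: upgrade required"
fi
for port in $(listening_lbd_ports "$SAMPLE_SS"); do
    echo "lbd port $port is still listening: restrict it until the upgrade is done"
done
```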
Update Synology Router Manager (SRM) to version 1.2.4-8081 or later. This fixes the improper access control vulnerability in the lbd service.
CVE-2020-27654 is a critical remote code execution vulnerability in Synology Router Manager (SRM) allowing attackers to execute commands. It affects versions up to 1.2.4-8081 and has a CVSS score of 9.8.
You are affected if you are running Synology Router Manager (SRM) version 1.2.4-8081 or earlier. Check your SRM version and upgrade immediately if necessary.
Upgrade your Synology Router Manager to version 1.2.4-8081 or later. As a temporary measure, restrict access to TCP ports 7786 and 7787.
While no confirmed active exploitation campaigns are publicly known, the vulnerability's severity and ease of exploitation make it a high-priority target, so exploitation remains a realistic possibility.
Refer to the official Synology Security Advisory: https://www.synology.com/en-global/security/advisory/CVE-2020-27654