Platform: linux
Component: lbd
Fixed in: 1.2.4-8081
CVE-2020-27654 describes a critical improper access control vulnerability within the lbd component of Synology Router Manager (SRM). This flaw allows a remote attacker to execute arbitrary commands on affected systems, granting them significant control. The vulnerability impacts SRM versions prior to 1.2.4-8081, and a patch is available to address the issue.
The impact of CVE-2020-27654 is severe. Successful exploitation allows an attacker to execute arbitrary commands on the router with the privileges of the lbd process. This could lead to complete system compromise, including data theft, modification of router configurations, and the installation of malware. Because the router is the network gateway, a compromised device can also serve as a pivot point for attacks against internal network resources, significantly expanding the blast radius. Like other remote code execution flaws rooted in weak access controls, the root cause is a missing authorization check rather than a memory-safety bug.
CVE-2020-27654 was publicly disclosed on October 29, 2020. While no active exploitation campaigns have been definitively confirmed, the vulnerability's critical severity and ease of exploitation make it a high-priority target. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread attacks. The vulnerability is not currently listed on CISA KEV.
Exploit Status
EPSS: 3.05% (87th percentile)
CVSS Vector
The primary mitigation for CVE-2020-27654 is to upgrade Synology Router Manager to version 1.2.4-8081 or later without delay. If upgrading is not immediately feasible, apply temporary workarounds: restrict access to TCP ports 7786 and 7787 with a firewall rule or access control list (ACL) so that the lbd service is not reachable from untrusted networks, and monitor router logs for suspicious activity, particularly inbound connection attempts to these ports. Synology recommends reviewing its security advisory for detailed instructions and further recommendations.
Update Synology Router Manager (SRM) to version 1.2.4-8081 or later. This will resolve the improper access control vulnerability in the lbd service.
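The two checks above (is the running SRM build older than the fixed release, and is anything from the WAN knocking on the lbd ports) as an added example, not code from Synology or the advisory. The SRM version format "MAJOR.MINOR.PATCH-BUILD" is taken from the advisory; the firewall log format, interface names and log lines are constructed assumptions for the example.

```python
"""Compare an SRM version string against the CVE-2020-27654 fix and scan
firewall log lines for inbound TCP hits on the lbd ports the advisory names."""
import re
from typing import Iterable, List, Tuple

FIXED_VERSION = "1.2.4-8081"   # fixed release from the advisory
LBD_PORTS = {7786, 7787}       # TCP ports the advisory says to restrict


def parse_srm_version(version: str) -> Tuple[int, ...]:
    """Turn 'MAJOR.MINOR.PATCH-BUILD' (e.g. '1.2.4-8081') into a comparable
    tuple (1, 2, 4, 8081). Raises ValueError on anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", version.strip())
    if not m:
        raise ValueError(f"not an SRM version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when the running SRM build is older than the fixed release."""
    return parse_srm_version(version) < parse_srm_version(FIXED_VERSION)


# Assumed (constructed) netfilter-style log format, not a real SRM log line:
# "<ts> kernel: <verdict> IN=<iface> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port>"
_LOG_RE = re.compile(r"IN=(?P<iface>\S+) SRC=(?P<src>\S+) .*PROTO=TCP DPT=(?P<dpt>\d+)")


def lbd_port_hits(lines: Iterable[str], wan_iface: str = "eth0") -> List[Tuple[str, int]]:
    """Return (source_ip, port) for TCP packets that arrived on the WAN
    interface and targeted an lbd port; LAN-side traffic is ignored."""
    hits = []
    for line in lines:
        m = _LOG_RE.search(line)
        if not m:
            continue
        port = int(m.group("dpt"))
        if m.group("iface") == wan_iface and port in LBD_PORTS:
            hits.append((m.group("src"), port))
    return hits


SAMPLE_LOG = [  # constructed sample lines (WAN = eth0, LAN bridge = br0)
    "Oct 30 10:01:02 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP DPT=7786",
    "Oct 30 10:01:03 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP DPT=443",
    "Oct 30 10:01:04 kernel: ACCEPT IN=br0 SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP DPT=7787",
    "Oct 30 10:01:05 kernel: DROP IN=eth0 SRC=198.51.100.77 DST=198.51.100.2 PROTO=TCP DPT=7787",
]

if __name__ == "__main__":
    for v in ("1.2.3-8017", "1.2.4-8081"):   # sample version strings
        print(v, "affected" if is_affected(v) else "fixed")
    for src, port in lbd_port_hits(SAMPLE_LOG):
        print(f"inbound attempt on lbd port {port} from {src}")
```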
CVE-2020-27654 is a critical remote code execution vulnerability in Synology Router Manager (SRM) that allows attackers to execute arbitrary commands. It affects versions before 1.2.4-8081 and has a CVSS score of 9.8.
You are affected if you are running a Synology Router Manager (SRM) version older than 1.2.4-8081. Check your SRM version and upgrade immediately if necessary.
Upgrade your Synology Router Manager to version 1.2.4-8081 or later. As a temporary measure, restrict access to TCP ports 7786 and 7787.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation make it a high-priority target, and exploitation remains a realistic possibility.
Refer to the official Synology Security Advisory: https://www.synology.com/en-global/security/advisory/CVE-2020-27654