Platform
linux
Component
lbd
Fixed in
1.2.4-8081
CVE-2020-27654 describes a critical improper access control vulnerability within the lbd component of Synology Router Manager (SRM). This flaw allows a remote attacker to execute arbitrary commands on affected systems, granting them significant control. The vulnerability impacts SRM versions prior to 1.2.4-8081, and a patch is available to address the issue.
The impact of CVE-2020-27654 is severe. Successful exploitation allows an attacker to execute arbitrary commands on the router with the privileges of the lbd process. This could lead to complete system compromise, including data theft, modification of router configurations, and the installation of malware. Given the router's role as a network gateway, attackers could potentially use compromised routers as pivot points to launch attacks against internal network resources, expanding the blast radius significantly. This vulnerability shares similarities with other remote code execution flaws where attackers exploit weak access controls to gain elevated privileges.
CVE-2020-27654 was publicly disclosed on October 29, 2020. While no active exploitation campaigns have been definitively confirmed, the vulnerability's critical severity and ease of exploitation make it a high-priority target. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread attacks. The vulnerability is not currently listed on CISA KEV.
Organizations and individuals using Synology Router Manager (SRM) are at risk, particularly those running versions prior to 1.2.4-8081. Small businesses and home users relying on SRM for network security are especially exposed because of potentially limited security expertise and slower patching cycles. Shared hosting environments that use SRM routers also face heightened risk.
• linux / server:
journalctl -u lbd | grep -i "error"
• linux / server:
ss -tulnp | grep -E '7786|7787'
• generic web:
Use netstat -tulnp to check for listening processes on ports 7786 and 7787. Investigate any unexpected processes.
disclosure
Exploit Status
EPSS
3.05% (87th percentile)
CVSS Vector
The primary mitigation for CVE-2020-27654 is to immediately upgrade Synology Router Manager to version 1.2.4-8081 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to TCP ports 7786 and 7787 using a firewall or access control list (ACL) to limit potential attack vectors. Monitor router logs for suspicious activity, particularly attempts to connect to these ports. Synology recommends reviewing their security advisory for detailed instructions and further recommendations.
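The two checks this advisory relies on, whether an SRM build predates the fixed release and whether the lbd ports are reachable from outside the router, as an added example in Python (not code from the advisory or from Synology). It assumes the standard `ss -tulnp` column layout and uses a constructed sample of that output; no real device is queried.

```python
"""Defender-side checks for CVE-2020-27654: SRM version and lbd port exposure."""
import re

FIXED_VERSION = "1.2.4-8081"   # first SRM release with the fix, per the advisory
LBD_PORTS = {7786, 7787}       # TCP ports named in the advisory's workaround
LOOPBACK_PREFIXES = ("127.", "[::1]")


def parse_version(v: str) -> tuple:
    """'1.2.4-8081' -> (1, 2, 4, 8081); raises ValueError on an unexpected format."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised SRM version string: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(v: str) -> bool:
    """True when the version is older than the fixed release (major, minor, patch, build)."""
    return parse_version(v) < parse_version(FIXED_VERSION)


def exposed_lbd_sockets(ss_output: str) -> list:
    """Return (address, port) for TCP LISTEN sockets on the lbd ports that are bound
    to a non-loopback address, parsed from `ss -tulnp` output."""
    exposed = []
    for line in ss_output.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) < 5 or fields[0] != "tcp" or fields[1] != "LISTEN":
            continue
        addr, _, port = fields[4].rpartition(":")    # "0.0.0.0:7786" -> ("0.0.0.0", "7786")
        if not port.isdigit() or int(port) not in LBD_PORTS:
            continue
        if addr.startswith(LOOPBACK_PREFIXES):       # loopback-only bindings are not exposed
            continue
        exposed.append((addr, int(port)))
    return exposed


# Constructed sample in ss -tulnp layout (not captured from a real SRM device).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:7786      0.0.0.0:*    users:(("lbd",pid=1234,fd=5))
tcp   LISTEN 0      128        127.0.0.1:7787      0.0.0.0:*    users:(("lbd",pid=1234,fd=6))
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=900,fd=3))
"""

if __name__ == "__main__":
    for ver in ("1.2.3-8017", "1.2.4-8081"):          # constructed sample version strings
        print(ver, "vulnerable" if is_vulnerable_version(ver) else "patched")
    print("exposed lbd sockets:", exposed_lbd_sockets(SAMPLE_SS))
```

A socket bound only to loopback is reported as not exposed; anything on 0.0.0.0 or a LAN/WAN address for 7786/7787 is what the firewall or ACL workaround should cover.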
Update Synology Router Manager (SRM) to version 1.2.4-8081 or later. This fixes the improper access control vulnerability in the lbd service.
CVE-2020-27654 is a critical remote code execution vulnerability in Synology Router Manager (SRM) allowing attackers to execute commands. It affects versions up to 1.2.4-8081 and has a CVSS score of 9.8.
You are affected if you are running Synology Router Manager (SRM) version 1.2.4-8081 or earlier. Check your SRM version and upgrade immediately if necessary.
Upgrade your Synology Router Manager to version 1.2.4-8081 or later. As a temporary measure, restrict access to TCP ports 7786 and 7787.
While no confirmed active exploitation campaigns are publicly known, the vulnerability's severity and ease of exploitation make it a high-priority target, and the potential for exploitation exists.
Refer to the official Synology Security Advisory: https://www.synology.com/en-global/security/advisory/CVE-2020-27654