Platform: linux
Component: lbd
Fixed version: 1.2.4-8081
CVE-2020-27654 describes a critical improper access control vulnerability within the lbd component of Synology Router Manager (SRM). This flaw allows a remote attacker to execute arbitrary commands on affected systems, granting them significant control. The vulnerability impacts SRM versions prior to 1.2.4-8081, and a patch is available to address the issue.
The impact of CVE-2020-27654 is severe. Successful exploitation allows an attacker to execute arbitrary commands on the router with the privileges of the lbd process. This could lead to complete system compromise, including data theft, modification of router configurations, and the installation of malware. Given the router's role as a network gateway, attackers could potentially use compromised routers as pivot points to launch attacks against internal network resources, expanding the blast radius significantly. This vulnerability shares similarities with other remote code execution flaws where attackers exploit weak access controls to gain elevated privileges.
CVE-2020-27654 was publicly disclosed on October 29, 2020. While no active exploitation campaigns have been definitively confirmed, the vulnerability's critical severity and ease of exploitation make it a high-priority target. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread attacks. The vulnerability is not currently listed on CISA KEV.
Organizations and individuals using Synology Router Manager (SRM) are at risk, particularly those running versions prior to 1.2.4-8081. Small businesses and home users relying on SRM for network security are especially vulnerable due to potentially limited security expertise and slower patching cycles. Shared hosting environments utilizing SRM routers also pose a heightened risk.
• linux / server: journalctl -u lbd | grep -i "error"
• linux / server: ss -tulnp | grep -E '7786|7787'
• generic web: Use netstat -tulnp to check for listening processes on ports 7786 and 7787. Investigate any unexpected processes.
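As an added example (not from Synology or this advisory), a POSIX shell snippet that decides whether a reported SRM version string is below the fixed build 1.2.4-8081 and filters `ss -tulnp` output for the lbd ports 7786/7787 named in the checks above. The `ss` sample lines are constructed, and a version string without a build suffix is assumed to sort as build 0.

```shell
#!/bin/sh
# Added example, not part of the Synology advisory: a version gate and a
# listener filter for the CVE-2020-27654 lbd fix shipped in SRM 1.2.4-8081.
FIXED_SRM_VERSION="1.2.4-8081"

# srm_version_lt A B: succeed (exit 0) when version A sorts before version B.
# SRM versions look like MAJOR.MINOR.PATCH-BUILD; every field is compared
# numerically. Assumption: a string without "-BUILD" is treated as build 0.
srm_version_lt() {
    a_ver=${1%%-*}; a_build=${1#*-}
    b_ver=${2%%-*}; b_build=${2#*-}
    [ "$a_build" = "$1" ] && a_build=0
    [ "$b_build" = "$2" ] && b_build=0
    old_ifs=$IFS; IFS=.
    set -- $a_ver; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $b_ver; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3" "$a_build:$b_build"; do
        x=${pair%%:*}; y=${pair#*:}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # identical versions are not "less than"
}

# srm_is_affected VERSION: succeed when VERSION predates the fixed build.
srm_is_affected() {
    srm_version_lt "$1" "$FIXED_SRM_VERSION"
}

# lbd_listeners: read `ss -tulnp` output on stdin and keep only sockets
# bound to the lbd ports 7786/7787 from the advisory's detection steps.
lbd_listeners() {
    grep -E ':(7786|7787)[[:space:]]'
}

# Constructed sample of `ss -tulnp` output so the filter runs offline.
SAMPLE_SS_OUTPUT='tcp   LISTEN 0 128 0.0.0.0:7786 0.0.0.0:* users:(("lbd",pid=1234,fd=5))
tcp   LISTEN 0 128 0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=100,fd=3))'

# Usage: sh check-lbd.sh 1.2.4-8080
if [ -n "$1" ]; then
    if srm_is_affected "$1"; then
        echo "SRM $1 is below $FIXED_SRM_VERSION: affected, upgrade"
    else
        echo "SRM $1 already carries the fix"
    fi
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | lbd_listeners
fi
```

On a live router, replace the constructed sample with `ss -tulnp | lbd_listeners` and pass the version shown in the SRM control panel as the first argument.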
disclosure
Exploitation status
EPSS: 3.05% (87th percentile)
CVSS vector
The primary mitigation for CVE-2020-27654 is to immediately upgrade Synology Router Manager to version 1.2.4-8081 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to TCP ports 7786 and 7787 using a firewall or access control list (ACL) to limit potential attack vectors. Monitor router logs for suspicious activity, particularly attempts to connect to these ports. Synology recommends reviewing their security advisory for detailed instructions and further recommendations.
Update Synology Router Manager (SRM) to version 1.2.4-8081 or later. This fixes the improper access control vulnerability in the lbd service.
CVE-2020-27654 is a critical remote code execution vulnerability in Synology Router Manager (SRM) allowing attackers to execute commands. It affects versions up to 1.2.4-8081 and has a CVSS score of 9.8.
You are affected if you are running Synology Router Manager (SRM) version 1.2.4-8081 or earlier. Check your SRM version and upgrade immediately if necessary.
Upgrade your Synology Router Manager to version 1.2.4-8081 or later. As a temporary measure, restrict access to TCP ports 7786 and 7787.
While no confirmed active exploitation campaigns are publicly known, the vulnerability's severity and ease of exploitation make it a high-priority target, and the potential for exploitation exists.
Refer to the official Synology Security Advisory: https://www.synology.com/en-global/security/advisory/CVE-2020-27654