Platform: linux
Component: lbd
Fixed version: 1.2.4-8081
CVE-2020-27654 describes a critical improper access control vulnerability within the lbd component of Synology Router Manager (SRM). This flaw allows a remote attacker to execute arbitrary commands on affected systems, granting them significant control. The vulnerability impacts SRM versions prior to 1.2.4-8081, and a patch is available to address the issue.
The impact of CVE-2020-27654 is severe. Successful exploitation allows an attacker to execute arbitrary commands on the router with the privileges of the lbd process. This could lead to complete system compromise, including data theft, modification of router configurations, and the installation of malware. Given the router's role as a network gateway, attackers could potentially use compromised routers as pivot points to launch attacks against internal network resources, expanding the blast radius significantly. This vulnerability shares similarities with other remote code execution flaws where attackers exploit weak access controls to gain elevated privileges.
CVE-2020-27654 was publicly disclosed on October 29, 2020. While no active exploitation campaigns have been definitively confirmed, the vulnerability's critical severity and ease of exploitation make it a high-priority target. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread attacks. The vulnerability is not currently listed on CISA KEV.
Organizations and individuals using Synology Router Manager (SRM) are at risk, particularly those running versions prior to 1.2.4-8081. Small businesses and home users relying on SRM for network security are especially vulnerable due to potentially limited security expertise and slower patching cycles. Shared hosting environments utilizing SRM routers also pose a heightened risk.
• linux / server:
journalctl -u lbd | grep -i "error"
• linux / server:
ss -tulnp | grep -E '7786|7787'
• generic web:
Use netstat -tulnp to check for listening processes on ports 7786 and 7787. Investigate any unexpected processes.
disclosure
Exploitation status
EPSS: 3.05% (87th percentile)
CVSS vector
The primary mitigation for CVE-2020-27654 is to immediately upgrade Synology Router Manager to version 1.2.4-8081 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to TCP ports 7786 and 7787 using a firewall or access control list (ACL) to limit potential attack vectors. Monitor router logs for suspicious activity, particularly attempts to connect to these ports. Synology recommends reviewing their security advisory for detailed instructions and further recommendations.
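The version check and the port check described above, combined into one POSIX shell triage helper; this is an added example, not code from Synology or from this advisory. It assumes SRM version strings have the form MAJOR.MINOR.PATCH-BUILD and that ss(8) prints the column layout shown in the constructed sample.

```shell
#!/bin/sh
# Added example for CVE-2020-27654 triage; not code from Synology or this advisory page.
# Assumptions: SRM versions look like MAJOR.MINOR.PATCH-BUILD (e.g. 1.2.4-8081) and
# compare field by field; the ss(8) column layout matches the constructed sample below.

FIXED_VERSION="1.2.4-8081"   # first fixed SRM build named in the advisory

# srm_affected VERSION: prints "affected" if VERSION sorts before the fixed build,
# "patched" otherwise. Fields are compared numerically, so 1.10.0-1 > 1.2.4-8081.
srm_affected() {
    set -- $(printf '%s' "$1" | sed 's/[.-]/ /g')
    va=$1 vb=$2 vc=$3 vd=$4
    set -- $(printf '%s' "$FIXED_VERSION" | sed 's/[.-]/ /g')
    for pair in "$va $1" "$vb $2" "$vc $3" "$vd $4"; do
        set -- $pair
        if [ "$1" -lt "$2" ]; then echo affected; return 0; fi
        if [ "$1" -gt "$2" ]; then echo patched; return 0; fi
    done
    echo patched   # identical to the fixed build
}

# lbd_exposed SS_OUTPUT: prints every TCP listener on 7786 or 7787 (the lbd ports the
# advisory tells you to restrict); exit status 0 if any were found, 1 otherwise.
lbd_exposed() {
    printf '%s\n' "$1" | awk '$1 == "tcp" && $5 ~ /:(7786|7787)$/ { print; found = 1 }
                               END { exit !found }'
}

# Constructed sample of `ss -tulnp` output, standing in for a live router.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:7786      0.0.0.0:*     users:(("lbd",pid=1234,fd=5))
tcp   LISTEN 0      128    0.0.0.0:7787      0.0.0.0:*     users:(("lbd",pid=1234,fd=6))
tcp   LISTEN 0      128    127.0.0.1:8080    0.0.0.0:*     users:(("nginx",pid=900,fd=3))
udp   UNCONN 0      0      0.0.0.0:53        0.0.0.0:*     users:(("dnsmasq",pid=700,fd=4))'

# On a real SRM host pass "$(ss -tulnp)" and the version shown in the SRM control panel.
echo "SRM 1.2.4-8080 is: $(srm_affected 1.2.4-8080)"
if lbd_exposed "$SAMPLE_SS"; then
    echo "lbd is listening on 7786/7787: restrict these ports at the firewall until upgraded"
fi
```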
Update Synology Router Manager (SRM) to 1.2.4-8081 or later. This resolves the improper access control vulnerability in the lbd service.
CVE-2020-27654 is a critical remote code execution vulnerability in Synology Router Manager (SRM) that allows attackers to execute commands. It affects versions prior to 1.2.4-8081 and has a CVSS score of 9.8.
You are affected if you are running a Synology Router Manager (SRM) version earlier than 1.2.4-8081. Check your SRM version and upgrade immediately if necessary.
Upgrade your Synology Router Manager to version 1.2.4-8081 or later. As a temporary measure, restrict access to TCP ports 7786 and 7787.
While no confirmed active exploitation campaigns are publicly known, the vulnerability's severity and ease of exploitation make it a high-priority target, and the potential for exploitation exists.
Refer to the official Synology Security Advisory: https://www.synology.com/en-global/security/advisory/CVE-2020-27654