There’s hardly any software without vulnerabilities, as is evident from the steady stream of vulnerability discoveries. In some cases, researchers discover multiple security flaws in a single product. This happened with Cisco Talos, who recently came across several remotely exploitable flaws in Synology Router Manager (SRM), the software that powers Synology routers.
SRM is a Linux-based operating system for these specific routers. Flaws were also present in QuickConnect, a feature in SRM that enables remote connections to the routers. The vulnerabilities could be exploited in various malicious scenarios, including remote code execution and exposure of sensitive details about the compromised network.
Following their strict disclosure rules, Cisco Talos cooperated with Synology to address the issues and work on an update. It should be noted that one of the flaws also affects the Qualcomm LBD service, and Qualcomm has released an update accordingly.
Multiple Vulnerabilities in Synology Router Manager (SRM)
Cisco Talos disclosed multiple vulnerabilities that allowed them “to achieve unconstrained root privileges in the router.” Furthermore, they also found that it was possible to remotely communicate with any router using the QuickConnect feature, allowing them to escalate their privileges to root.
The researchers also point out that “most of these issues allow an attacker to gain administrative privileges on the web interface. However, an administrator can enable ssh and log into the device as root, so being administrator in the web interface is equivalent to having unconstrained root privileges.”
Synology says that some of the issues also affect DSM (DiskStation Manager, the operating system of Synology NAS devices); these flaws are the following:
TALOS-2020-1058 / CVE-2020-27648
TALOS-2020-1059 / CVE-2020-27650
TALOS-2020-1061 / CVE-2020-27652
TALOS-2020-1071 / CVE-2020-27656
The researchers tested and confirmed the vulnerabilities on the following systems:
Talos tested and confirmed that TALOS-2020-1051, TALOS-2020-1158, TALOS-2020-1159, TALOS-2020-1061, TALOS-2020-1065, TALOS-2020-1066, TALOS-2020-1071 and TALOS-2020-1086 affect Synology SRM, version 1.2.3 RT2600ac 8017-5. TALOS-2020-1065 also affects Qualcomm LBD, version 1.1. TALOS-2020-1060 and TALOS-2020-1064 affect the Synology QuickConnect servers. Synology confirmed that TALOS-2020-1058, TALOS-2020-1059, TALOS-2020-1061 and TALOS-2020-1071 affect Synology DSM, version 6.2.3 25426.
The full technical disclosure is available in the original Talos report.
In June 2020, security researchers discovered that 79 Netgear router models contained a severe security vulnerability that could allow an attacker to take remote control of the device. More specifically, the vulnerability affected 758 firmware versions used across those 79 Netgear router models.