Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
没有’HttpOnly’标志的敏感Cookie
Vulnerability Title
Synology Router Manager 安全漏洞
Vulnerability Description
Synology Router Manager(SRM)是中国台湾群晖科技(Synology)公司的一款用于配置和管理Synology路由器的软件。 Synology Router Manager (SRM) 1.2.4-8081之前版本存在安全漏洞,该漏洞源于不包含session cookie的Set-Cookie头中的HTTPOnly标志,攻击者可利用该漏洞更容易通过脚本访问该cookie来获取潜在的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A