CVE-2020-27660

9.6 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Synology SafeAccess allows remote attackers to execute arbitrary SQL commands via the domain parameter in request.cgi. Attackers can potentially read, modify, or delete database contents, and in worst cases achieve remote code execution. All Synology SafeAccess installations before version 1.2.3-0234 are affected.

💻 Affected Systems

Products:
  • Synology SafeAccess
Versions: All versions before 1.2.3-0234
Operating Systems: Synology DSM
Default Config Vulnerable: ⚠️ Yes
Notes: Affects SafeAccess component on Synology NAS devices running vulnerable versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Database manipulation, credential theft, privilege escalation, and potential access to sensitive network information.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, potentially only information disclosure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available, exploitation requires network access to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.3-0234 or later

Vendor Advisory: https://www.synology.com/security/advisory/Synology_SA_20_25

Restart Required: Yes

Instructions:

1. Log into DSM as administrator.
2. Open Package Center.
3. Find SafeAccess.
4. Click Update if available.
5. Alternatively, download the latest version from the Synology website and install it manually.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all)

Restrict network access to the SafeAccess web interface using firewall rules.

Disable SafeAccess (applies to: all)

Temporarily disable the SafeAccess package until patching is possible.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy web application firewall with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check the SafeAccess package version in DSM Package Center. If the version is earlier than 1.2.3-0234, the system is vulnerable.

Check Version:

No direct command. Check via the DSM web interface: Package Center > Installed > SafeAccess

Verify Fix Applied:

Verify SafeAccess version shows 1.2.3-0234 or later in Package Center.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed login attempts followed by successful access
  • Unexpected database operations

Network Indicators:

  • HTTP requests to request.cgi with SQL-like patterns in parameters
  • Unusual outbound database connections from SafeAccess server

SIEM Query:

source="synology" AND (url="*request.cgi*" AND (param="*domain=*SELECT*" OR param="*domain=*UNION*" OR param="*domain=*OR*"))
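The SIEM query above matches the `domain` parameter with bare wildcards, so `*OR*` also fires on ordinary hostnames such as `orange.com`, and percent-encoded payloads (`%20UNION%20`) slip past a literal `*UNION*` pattern unless the SIEM decodes the URL first. The following is an added example of the same detection logic written as a log scanner; it is not code from the page or from Synology. It percent-decodes the query string and matches SQL keywords as whole words only. The access-log format and the `/webman/3rdparty/SafeAccess/request.cgi` path are assumptions, and the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (client method request status); the
# request.cgi path is an assumption, the real SafeAccess path may differ.
SAMPLE_LOG = [
    "192.0.2.10 GET /webman/3rdparty/SafeAccess/request.cgi?domain=example.com 200",
    "192.0.2.11 GET /webman/3rdparty/SafeAccess/request.cgi?domain=orange.com 200",
    "192.0.2.12 GET /webman/3rdparty/SafeAccess/request.cgi?domain=example.com%20UNION%20SELECT%201 200",
    "192.0.2.13 GET /webman/3rdparty/SafeAccess/request.cgi?domain=example.com%27%20OR%20x 500",
    "192.0.2.14 GET /webman/index.cgi?launchApp=SafeAccess 200",
    "192.0.2.15 GET /webman/3rdparty/SafeAccess/request.cgi?domain=selection.example 200",
]

LOG_RE = re.compile(r"^(?P<client>\S+) (?P<method>\S+) (?P<request>\S+) (?P<status>\d{3})$")

# SQL keywords are matched as whole words, so "orange.com" does not trip "OR"
# and "selection.example" does not trip "SELECT".
SQL_KEYWORDS = re.compile(r"\b(select|union|insert|update|delete|drop|or|and)\b", re.IGNORECASE)

# Characters that do not belong in a hostname but are typical of injection attempts.
SQL_META = re.compile(r"['\";]|--|/\*")


def inspect_line(line):
    """Return a finding for a suspicious request.cgi call, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m.group("request"))
    if not parts.path.endswith("/request.cgi"):
        return None
    # parse_qs percent-decodes values, so encoded payloads are normalised
    # before the keyword check runs.
    for domain in parse_qs(parts.query).get("domain", []):
        hits = {kw.upper() for kw in SQL_KEYWORDS.findall(domain)}
        if SQL_META.search(domain):
            hits.add("META")
        if hits:
            return {
                "client": m.group("client"),
                "domain": domain,
                "hits": sorted(hits),
                "status": int(m.group("status")),
            }
    return None


def scan(lines):
    """Run inspect_line over every log line and keep only the findings."""
    return [f for f in map(inspect_line, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding['client']} domain={finding['domain']!r} hits={finding['hits']} status={finding['status']}")
```

Run against the constructed lines, only the two requests carrying SQL keywords or a quote character are reported; the two benign hostnames containing `or` and `select` as substrings are not. A `500` status on a flagged request is worth weighting higher, since a syntax error from an injected quote is the most common way a blind probe shows up in the application's own response codes.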
