CVE-2020-27649

CRITICAL Year: 2020
CVSS v3 Score
9.0
Critical
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Related Vulnerabilities

CVE-2020-27648

CRITICAL
CVSS:9.0(Critical)

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive info...

CWE-2952020

CVE-2025-23114

CRITICAL
CVSS:9.0(Critical)

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.

CWE-2952025

CVE-2014-8164

CRITICAL
CVSS:9.1(Critical)

A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.

CWE-2952014

CVE-2017-17944

CRITICAL
CVSS:9.1(Critical)

The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.

CWE-2952017

CVE-2017-17945

CRITICAL
CVSS:9.1(Critical)

The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.

CWE-2952017

CVE-2017-18911

CRITICAL
CVSS:9.1(Critical)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.

CWE-2952017