CVE-2018-8929

Summary

Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.

Affected Software

VendorProductVersion RangeStatus
SynologySSL VPN Clientunspecified < 1.2.4-0224affected

Weaknesses

  • CWE-319: CWE-319: Cleartext Transmission of Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

References