CVE-2021-47961
HIGHSynology SSL VPN Client <1.4.5-0684 - Info Disclosure
Title source: llmDescription
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
Synology-SA-26:05 Synology SSL VPN Client
https://www.synology.com/en-global/security/advisory/Synology_SA_26_05
Scores
CVSS v3
8.1
EPSS
0.0032
EPSS Percentile
23.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-256
Status
published
Products (2)
synology/ssl_vpn_client
< 1.4.5-0684
Synology/Synology SSL VPN Client
< 1.4.5-0684
Published
Apr 10, 2026
Tracked Since
Apr 10, 2026