CVE-2021-47961

HIGH

Synology SSL VPN Client <1.4.5-0684 - Info Disclosure

Title source: llm

Description

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.

References (1)

[Vendor Advisory] https://www.synology.com/en-global/security/advisory/Synology_SA_26_05

Scores

CVSS v3 8.1

EPSS 0.0004

EPSS Percentile 13.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-256

Status published

Products (1)

Synology/Synology SSL VPN Client < 1.4.5-0684

Published Apr 10, 2026

Tracked Since Apr 10, 2026