CVE-2021-47961 PUBLISHED

Assigner: synology
Reserved: 10.04.2026 Published: 10.04.2026 Updated: 10.04.2026

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS Score: 8.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Synology
Product	Synology SSL VPN Client
Versions	Default: affected affected from * to 1.4.5-0684 (excl.)

Credits

Laurent Sibilla (https://www.linkedin.com/in/lsibilla/) finder

References

Synology-SA-26:05 Synology SSL VPN Client

Problem Types

Plaintext Storage of a Password CWE