CVE-2021-47961 | THREATINT

Description

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.

PUBLISHED Reserved 2026-04-10 | Published 2026-04-10 | Updated 2026-04-10 | Assigner synology

HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Problem types

Plaintext Storage of a Password

Product status

Default status

affected

* (semver) before 1.4.5-0684

affected

Credits

Laurent Sibilla (https://www.linkedin.com/in/lsibilla/) finder

References

www.synology.com/...obal/security/advisory/Synology_SA_26_05 (Synology-SA-26:05 Synology SSL VPN Client) vendor-advisory

cve.org (CVE-2021-47961)

nvd.nist.gov (CVE-2021-47961)

Download JSON