CVE-2021-47961

HIGH

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.

CVSS v3.1 Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Published: 4/10/2026Modified: 5/29/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (1)

https://www.synology.com/en-global/security/advisory/Synology_SA_26_05Vendor Advisory