CVE-2021-47960 Synology — Exploit & Vulnerability Details MEDIUM

CVE-2021-47960

MEDIUM CVSS 3.1: 6.5 EPSS 0.03%

Parameter	Value
CVSS	6.5 (MEDIUM)
Affected Versions	before 1.4.5
Type	CWE-552
Vendor	Synology
Public PoC	No

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-552

References 1

https://www.synology.com/en-global/security/advisory/Synology_SA_26_05

security@synology.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2021-47961

Synology

8.1

CVE-2026-35635

Synology

6.3

CVE-2026-31998

Synology

8.3

CVE-2026-3091

Synology

6.7

CVE-2024-47266

Synology

2.7

Menu

CVE-2021-47960

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2021-47961

CVE-2026-35635

CVE-2026-31998

CVE-2026-3091

CVE-2024-47266

CVE Details

Editor's Choice

Menu

CVE-2021-47960

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2021-47961

CVE-2026-35635

CVE-2026-31998

CVE-2026-3091

CVE-2024-47266

CVE Details

Editor's Choice

Stay informed on cybersecurity