CVE-2021-47961 Synology — Exploit & Vulnerability Details HIGH

CVE-2021-47961

HIGH CVSS 3.1: 8.1 EPSS 0.04%

Parameter	Value
CVSS	8.1 (HIGH)
Affected Versions	before 1.4.5
Type	CWE-256
Vendor	Synology
Public PoC	No

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-256

References 1

https://www.synology.com/en-global/security/advisory/Synology_SA_26_05

security@synology.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2021-47960

Synology

6.5

CVE-2026-35635

Synology

6.3

CVE-2026-31998

Synology

8.3

CVE-2026-3091

Synology

6.7

CVE-2024-47266

Synology

2.7

Menu

CVE-2021-47961

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2021-47960

CVE-2026-35635

CVE-2026-31998

CVE-2026-3091

CVE-2024-47266

CVE Details

Editor's Choice

Menu

CVE-2021-47961

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2021-47960

CVE-2026-35635

CVE-2026-31998

CVE-2026-3091

CVE-2024-47266

CVE Details

Editor's Choice

Stay informed on cybersecurity