CVE-2021-47961
Analyzed - Analysis Complete
Plaintext Password Storage in Synology SSL VPN Client Enables Unauthorized Access

Publication date: 2026-04-10

Last updated on: 2026-05-29

Assigner: Synology Inc.

Description
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.
Meta Information
Published: 2026-04-10
Last Modified: 2026-05-29
Generated: 2026-06-16
AI Q&A: 2026-04-10
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor | Product | Version / Range
synology | ssl_vpn_client | to 1.4.5-0684 (exclusive)
CWE ID | Description
CWE-256 | The product stores a password in plaintext within resources such as memory or files.
Impact Analysis

The vulnerability can lead to unauthorized access to your VPN configuration by remote attackers.

It may also result in interception of your VPN traffic, compromising the confidentiality and integrity of your communications.

Executive Summary

This vulnerability involves the Synology SSL VPN Client versions before 1.4.5-0684 storing passwords in plaintext. Because of this insecure storage, remote attackers can access or influence the user's PIN code.

Exploiting this vulnerability may allow attackers to gain unauthorized access to VPN configurations and potentially intercept VPN traffic if the user interacts with the attacker.
