8.1
CVE-2021-47961
- EPSS 0.32%
- Veröffentlicht 10.04.2026 10:16:03
- Zuletzt bearbeitet 29.05.2026 19:05:55
- Quelle security@synology.com
- CVE-Watchlists
- Unerledigt
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Synology ≫ Ssl Vpn Client Version < 1.4.5-0684
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.238 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@synology.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
|
CWE-256 Plaintext Storage of a Password
The product stores a password in plaintext within resources such as memory or files.
https://www.synology.com/en-global/security/advisory/Synology_SA_26_05