8.1
CVE-2021-47961
- EPSS 0.05%
- Veröffentlicht 10.04.2026 10:16:03
- Zuletzt bearbeitet 13.04.2026 15:02:06
- Quelle security@synology.com
- CVE-Watchlists
- Unerledigt
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSynology
≫
Produkt
Synology SSL VPN Client
Default Statusaffected
Version
*
Version <
1.4.5-0684
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.149 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@synology.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
|
CWE-256 Plaintext Storage of a Password
Storing a password in plaintext may result in a system compromise.