Insecure Password Storage in Synology SSL VPN Client
CVE-2021-47961

8.1HIGH

Key Information:

Vendor: Synology
Status: Synology Ssl Vpn Client
Vendor: CVE Published:; 10 April 2026

What is CVE-2021-47961?

A vulnerability in the Synology SSL VPN Client prior to version 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to its insecure storage mechanism. This issue can lead to unauthorized modifications of VPN configuration and, when combined with user interaction, may enable attackers to intercept subsequent VPN traffic, compromising the integrity and confidentiality of the user's communications.

Affected Version(s)

Synology SSL VPN Client *

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Apr 10, 2026

Credit

Laurent Sibilla (https://www.linkedin.com/in/lsibilla/)

CVE-2021-47961 Data

JSON