PatchSiren cyber security CVE debrief
CVE-2021-47961 Synology CVE debrief
A plaintext storage vulnerability in Synology SSL VPN Client before version 1.4.5-0684 allows remote attackers to access or influence a user's PIN code due to insecure storage. The vulnerability, published on 2026-04-10 and last modified on 2026-05-29, carries a CVSS 3.1 score of 8.1 (HIGH severity) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. The attack requires network access, low attack complexity, no privileges, but does require user interaction. Successful exploitation may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction. The root cause is categorized under CWE-256 (Plaintext Storage of a Password). Synology has addressed this issue in SSL VPN Client version 1.4.5-0684.
- Vendor: Synology
- Product: Synology SSL VPN Client
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-10
- Original CVE updated: 2026-05-29
- Advisory published: 2026-04-10
- Advisory updated: 2026-05-29
Who should care
Organizations deploying Synology SSL VPN Client for remote access should prioritize patching. Security teams managing endpoint VPN configurations and incident responders investigating potential unauthorized VPN access should review this vulnerability.
Technical summary
The Synology SSL VPN Client prior to 1.4.5-0684 stores the user's PIN code in plaintext, enabling remote attackers with network access to retrieve or influence this credential. With user interaction, an attacker can leverage this access to modify VPN configurations and potentially intercept subsequent VPN traffic. The confidentiality and integrity impacts are rated HIGH, with no availability impact. The vulnerability is remotely exploitable with low complexity but requires user interaction, preventing fully automated exploitation.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Synology SSL VPN Client to version 1.4.5-0684 or later to remediate the plaintext PIN storage vulnerability.
- Review VPN client configurations for unauthorized changes that may indicate prior exploitation.
- Audit endpoint storage locations where the SSL VPN Client may cache or store credentials to ensure no residual plaintext PIN data remains after patching.
- Educate users about phishing and social engineering risks, as successful exploitation requires user interaction.
- Monitor VPN connection logs for anomalous configuration changes or unexpected traffic patterns.
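The upgrade and audit steps above can be scripted for fleet-wide checks. The following is an added example, not code from Synology or from this debrief: it compares an installed client version against the fixed build 1.4.5-0684 numerically (plain string comparison would mis-order build numbers), and scans a configuration file for PIN-like keys holding a bare digit string, which is the residual plaintext credential the audit step is looking for. The config key names, the file format and the version numbers used for the sample are assumptions, since the page does not document the client's real storage location or layout; adapt the key pattern once you know where the client actually writes its settings.

```python
import re

# Fixed version named in the advisory: builds below this are affected.
FIXED_VERSION = "1.4.5-0684"

# Synology versions look like MAJOR.MINOR.PATCH-BUILD (e.g. 1.4.5-0684).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")

# Heuristic key names a client might use for a stored PIN. Assumption: the
# real Synology file format is not documented on the page, so this pattern
# must be adapted to the actual storage location and keys.
_PIN_LINE_RE = re.compile(
    r"^\s*(pin|pin_code|pincode)\s*[=:]\s*(.*?)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def parse_version(version: str) -> tuple:
    """Turn '1.4.5-0684' into (1, 4, 5, 684) so tuples compare numerically.

    String comparison would be wrong here: '1.4.10-0001' sorts before
    '1.4.5-0684' lexicographically, yet it is the newer build.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(installed_version: str) -> bool:
    """True when the installed client predates the fixed build."""
    return parse_version(installed_version) < parse_version(FIXED_VERSION)


def find_plaintext_pins(config_text: str) -> list:
    """Flag PIN-like keys whose value is a bare digit string.

    Returns (key, line_number, masked_value) tuples. An all-digit value is
    treated as cleartext; an encrypted or hashed value would contain other
    characters. The PIN itself is masked so the audit report does not leak it.
    """
    findings = []
    for m in _PIN_LINE_RE.finditer(config_text):
        key, raw_value = m.group(1), m.group(2).strip("\"'")
        if raw_value.isdigit():
            line_no = config_text.count("\n", 0, m.start()) + 1
            findings.append((key, line_no, "*" * len(raw_value)))
    return findings


def audit_client(installed_version: str, config_text: str) -> dict:
    """Combine the version check and the residual-credential scan."""
    return {
        "installed_version": installed_version,
        "needs_upgrade": is_vulnerable(installed_version),
        "plaintext_pin_findings": find_plaintext_pins(config_text),
    }


# Constructed sample config: NOT a real Synology SSL VPN Client file.
SAMPLE_CONFIG = """\
# constructed sample for the audit example
server = vpn.example.internal
username = alice
pin = 123456
pincode = "ENC:Zm9vYmFy"
keep_alive = 30
"""

if __name__ == "__main__":
    # Constructed version string one build below the fix.
    print(audit_client("1.4.5-0683", SAMPLE_CONFIG))
```

Run it against the client's real settings file after patching; a non-empty `plaintext_pin_findings` list means the upgrade did not clear the stored credential and the PIN should be rotated. Findings report line numbers and masked values only, so the audit output itself can be shared with a ticketing system without copying the secret.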
Evidence notes
The affected product is Synology SSL VPN Client with versions prior to 1.4.5-0684 being vulnerable, as confirmed by NVD CPE criteria and Synology's vendor advisory.
Official resources
- CVE-2021-47961 CVE record (CVE.org)
- CVE-2021-47961 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
The vulnerability was published in the NVD on 2026-04-10 and analyzed by 2026-05-29. No known exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA KEV.