Platform
synology
Component
synology-ssl-vpn-client
Fixed in
1.4.5-0684
CVE-2021-47961 is a cleartext-storage weakness in Synology SSL VPN Client: versions from 1.0.0 up to, but not including, 1.4.5-0684 keep the user's PIN code in plaintext. An attacker who can read that stored PIN can use it to set up an unauthorized VPN configuration and intercept the VPN traffic that follows, a scenario the advisory ties to user interaction. Synology has released a fixed build.
The impact is exposure of the PIN code and everything that can be done with it. The advisory wording describes a remote attacker; in practice the precondition is being able to read the storage where the client keeps the PIN, whether through local access to the device or through some other foothold on the host or its files. With the PIN in hand, the attacker can configure a VPN connection of their choosing and read what passes through the tunnel, so the blast radius is any data carried over that VPN: business data, credentials, or other sensitive traffic. Because the attacker first needs access to the stored PIN, the issue is not directly exploitable from the network, but the traffic interception it enables makes it a real risk once that access exists.
CVE-2021-47961 was published on 2026-04-10. At the time of writing there is no indication of active exploitation, no KEV listing, and no public proof-of-concept code. The need to first reach the stored PIN limits immediate exploitability; the traffic-interception consequence is what justifies prompt patching.
Exploit Status
EPSS
0.04% (13th percentile)
The primary mitigation for CVE-2021-47961 is to upgrade Synology SSL VPN Client to version 1.4.5-0684 or later, which stops the PIN code from being stored in plaintext. If an immediate upgrade is not possible, tighten access to the devices where the client is installed so that other users or processes cannot read its storage, and review VPN connection activity for configurations or sessions you did not set up. After upgrading, verify the fix by confirming that the installed client reports version 1.4.5-0684 or later on every endpoint; the page does not document where the client kept the PIN, so the reliable check is the version, not a manual search of the client's files.
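The version check above is easy to get wrong across a fleet, because Synology-style version strings such as 1.4.5-0684 do not sort correctly as plain strings. The following is an added example (not Synology's code and not from the advisory) that parses the major.minor.patch-build format the page's own version numbers use and flags hosts still below the fixed build. The inventory mapping hostnames to client versions is constructed for illustration; replace it with your own export.

```python
import re
from typing import NamedTuple

# Fixed version as stated in the advisory referenced on this page.
FIXED_VERSION = "1.4.5-0684"

# Constructed inventory (hostname -> client version the host reports).
# Hostnames and versions are made up for the example; the 1.4.10 entry is a
# hypothetical later release that a naive string comparison would misorder.
SAMPLE_INVENTORY = {
    "laptop-01": "1.4.4-0635",
    "laptop-02": "1.4.5-0684",
    "laptop-03": "1.4.10-0700",
    "laptop-04": "1.2.0-0411",
}

# Assumed format: major.minor.patch-build, matching the strings on this page.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


class SynoVersion(NamedTuple):
    """Tuple ordering gives correct numeric comparison field by field."""
    major: int
    minor: int
    patch: int
    build: int


def parse_version(text: str) -> SynoVersion:
    """Parse 'major.minor.patch-build' into integers; reject anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Synology version string: {text!r}")
    return SynoVersion(*(int(g) for g in m.groups()))


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed client predates the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def string_compare_misorders(a: str, b: str) -> bool:
    """Show the pitfall: plain string comparison disagrees with numeric order."""
    return (a < b) != (parse_version(a) < parse_version(b))


def audit(inventory: dict[str, str]) -> list[str]:
    """Return hostnames whose client still stores the PIN in plaintext."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} affected, upgrade to {FIXED_VERSION} or later")
```

Run it against a real inventory export and treat any host it lists as still exposing the PIN; a version string the regex rejects is worth investigating rather than silently skipping, which is why parse_version raises instead of returning a default.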
Update Synology SSL VPN Client to version 1.4.5-0684 or later to correct the vulnerability. The update removes the plaintext storage of the PIN code, so an attacker who reaches the client's storage can no longer recover it and use it to configure the VPN.
CVE-2021-47961 is a vulnerability in Synology SSL VPN Client, affecting versions from 1.0.0 up to but not including 1.4.5-0684, in which the PIN code is stored in plaintext; an attacker who obtains it can configure the VPN and intercept its traffic.
You are affected if you are running any Synology SSL VPN Client version below 1.4.5-0684. Upgrade to 1.4.5-0684 or later to mitigate the risk.
Upgrading to 1.4.5-0684 or later resolves the insecure PIN code storage; confirm the installed version on each endpoint after updating.
There is currently no public information indicating active exploitation of CVE-2021-47961.
Please refer to the Synology Security Advisory for detailed information and updates regarding CVE-2021-47961: https://www.synology.com/en-global/security/advisory/SSVPN-SA-21-07