#VU125952 Unprotected storage of credentials in SSL VPN Client - CVE-2021-47961

 

Published: April 14, 2026


Vulnerability identifier: #VU125952
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-47961
CWE-ID: CWE-256
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: SSL VPN Client
Software vendor: Synology Inc.

Description

The vulnerability allows a remote attacker to obtain or manipulate the PIN code, potentially leading to unauthorized VPN configuration and traffic interception.

The vulnerability exists due to plaintext storage of a password in the PIN code storage. A remote attacker can trick the victim into interacting with a crafted web page to obtain or manipulate the PIN code, potentially leading to unauthorized VPN configuration and traffic interception.

User interaction is required.


Remediation

Install the security update from the vendor's website.
