Synology · Synology SSL VPN Client · CVE-2021-47960
Name of the Vulnerable Software and Affected Versions
Synology SSL VPN Client versions prior to 1.4.5-0684
Description
A flaw in Synology SSL VPN Client allows remote attackers to access files within the installation directory. The attack works through a local HTTP server bound to the loopback interface and requires user interaction with a specially crafted web page. Successful exploitation can lead to the retrieval of sensitive files, including configuration files, certificates, and logs, resulting in information disclosure.
Recommendations
Update Synology SSL VPN Client to version 1.4.5-0684 or later.
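To apply the recommendation across many endpoints, reported client versions can be compared against the fixed release. The following is an added example, not Synology's code: it assumes versions are reported in the major.minor.patch-build form used above, and the hostnames and the versions in the sample inventory are constructed.

```python
import re

# Fixed release named in the advisory.
FIXED = "1.4.5-0684"
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Return (major, minor, patch, build) as ints, or None if malformed."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version, fixed=FIXED):
    """Return 'vulnerable', 'patched', or 'unknown' for one reported version."""
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # unparseable: review by hand, do not assume patched
    # Tuples of ints compare field by field, so 1.4.10 sorts after 1.4.5.
    return "vulnerable" if parsed < parse_version(fixed) else "patched"


def triage(inventory):
    """Map host -> status for an iterable of (host, version) pairs."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory (hypothetical hostnames and version reports).
SAMPLE_INVENTORY = [
    ("ws-01", "1.4.5-0684"),    # the fixed release itself
    ("ws-02", "1.4.4-0683"),
    ("ws-03", "1.4.10-0001"),   # a plain string compare would rank this older
    ("ws-04", "1.3.9-0999"),
    ("ws-05", "unknown"),       # agent could not read the version
    ("ws-06", " 1.4.5-0683 "),  # same release line, earlier build
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as unknown should be checked manually rather than counted as updated.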