PT-2026-31905 · Synology · Synology Ssl Vpn Client
Laurent Sibilla · Published 2026-04-10 · Updated 2026-04-13
CVE-2021-47960
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Synology SSL VPN Client versions prior to 1.4.5-0684
Description
A flaw in Synology SSL VPN Client allows remote attackers to access files within the installation directory. Exploitation relies on a local HTTP server bound to the loopback interface and requires user interaction with a specially crafted web page. Successful exploitation can expose sensitive files, including configuration files, certificates, and logs, resulting in information disclosure.
Recommendations
Update Synology SSL VPN Client to version 1.4.5-0684 or later.
Fix
Files Accessible to External Parties
Weakness Enumeration
Related Identifiers
Affected Products
Synology Ssl Vpn Client