Cyber Resilience

CVE-2021-47961

HighUpdated

Published: 10 April 2026

Published
10 April 2026
Modified
29 May 2026
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score 0.0032 23.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2021-47961 is a high-severity Plaintext Storage of a Password (CWE-256) vulnerability in Synology Ssl Vpn Client. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 23.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-28 (Protection of Information at Rest).

Deeper analysis

CVE-2021-47961 is a plaintext storage of a password vulnerability (CWE-256) in Synology SSL VPN Client versions before 1.4.5-0684. The flaw stems from insecure storage that exposes the user's PIN code to remote attackers, who can access or influence it.

Remote attackers can exploit this over the network with low attack complexity, no privileges, and user interaction required, as indicated by the CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). Exploitation allows high-impact confidentiality and integrity violations, such as unauthorized VPN configuration and potential interception of subsequent VPN traffic when paired with user interaction.

Synology's security advisory (https://www.synology.com/en-global/security/advisory/Synology_SA_26_05) details mitigation, recommending an update to Synology SSL VPN Client version 1.4.5-0684 or later to address the insecure storage issue.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of…

more

subsequent VPN traffic when combined with user interaction.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Direct match to insecure plaintext credential storage (CWE-256) enabling credential theft from client files/config.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-11131Same product class: NAS / storage appliance
CVE-2025-30028Same product class: NAS / storage appliance
CVE-2024-50630Same product class: NAS / storage appliance
CVE-2022-49036Same product class: NAS / storage appliance
CVE-2024-10441Same product class: NAS / storage appliance
CVE-2025-12686Same product class: NAS / storage appliance
CVE-2024-10444Same product class: NAS / storage appliance
CVE-2023-52945Same product class: NAS / storage appliance
CVE-2026-3091Same product class: NAS / storage appliance
CVE-2025-14713Same product class: NAS / storage appliance

Affected Assets

synology
ssl vpn client
≤ 1.4.5-0684

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires cryptographic mechanisms to protect sensitive information like PIN codes at rest, directly preventing plaintext storage exploitation.

prevent

Mandates secure management and protection of authenticators such as PIN codes, addressing insecure storage of VPN credentials.

prevent

Requires timely flaw remediation including patching Synology SSL VPN Client to version 1.4.5-0684 or later to fix the plaintext storage vulnerability.

References