19 matches found
EUVD-2021-34779
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...
EUVD-2021-34777
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...
CVE-2021-47961
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...
CVE-2021-47961
The CVE describes a plaintext password storage vulnerability in Synology SSL VPN Client prior to version 1.4.5-0684 . The insecure storage can allow remote attackers to access or influence the user’s PIN, potentially enabling unauthorized VPN configuration and interception of subsequent VPN traff...
CVE-2021-47961
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...
CVE-2021-47960
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...
Synology SSL VPN Client 安全漏洞
The Synology SSL VPN Client is a VPN client software developed by Synology, a Chinese company, used for secure connection to Synology NAS devices. Versions of the Synology SSL VPN Client prior to 1.4.5-0684 contained security vulnerabilities. These vulnerabilities stemmed from improper storage of...
PT-2026-31905
Name of the Vulnerable Software and Affected Versions Synology SSL VPN Client versions prior to 1.4.5-0684 Description A flaw exists in Synology SSL VPN Client that allows remote attackers to access files within the installation directory. This is achieved by leveraging a local HTTP server bound ...
PT-2026-31906
Name of the Vulnerable Software and Affected Versions Synology SSL VPN Client versions prior to 1.4.5-0684 Description A security issue exists in Synology SSL VPN Client that allows remote attackers to access or influence a user's PIN code due to insecure storage. This could lead to unauthorized...
CVE-2022-43931
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors...
CVE-2023-5748
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors...
Buffer overflow
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors...
CVE-2022-43931
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors...
CVE-2022-43931
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors...
CVE-2022-43931
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors...
PT-2022-6125
Name of the Vulnerable Software and Affected Versions Synology VPN Plus Server versions prior to 1.4.3-0534 and 1.4.4-0635 Description The issue is related to an out-of-bounds write vulnerability in the Remote Desktop functionality of Synology VPN Plus Server. This vulnerability can be exploited ...
Synology SSL VPN Client Privilege Permission and Access Control Issues Vulnerability
Synology SSL VPN Client is a VPN client software for secure connection to Synology NAS from Synology, Taiwan, China. A vulnerability exists in Synology SSL VPN Client with privilege permission and access control issues. An attacker can exploit this vulnerability to conduct a man-in-the-middle...
CVE-2018-13283
Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the 1 command, 2 hostname, or 3 port parameter...
Synology SSL VPN Client Man-in-the-Middle Attack Vulnerability
Synology SSL VPN Client is a VPN client software for connecting to internal encrypted networks from Synology. A security vulnerability exists in the HTTP daemon in Synology SSL VPN Client versions prior to 1.2.4-0224, which stems from the program's failure to enforce proper restrictions on the...