Lucene search
K

13 matches found

EUVD
EUVD
added 2026/04/10 12:31 p.m.4 views

EUVD-2021-34777

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...

6.5CVSS5.8AI score0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 12:31 p.m.5 views

EUVD-2021-34779

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS5.9AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/10 9:22 a.m.31 views

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS0.00322EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/10 9:22 a.m.2 views

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS5.9AI score0.00322EPSS
Exploits0References2
CVE
CVE
added 2026/04/10 9:22 a.m.12 views

CVE-2021-47961

The CVE describes a plaintext password storage vulnerability in Synology SSL VPN Client prior to version 1.4.5-0684 . The insecure storage can allow remote attackers to access or influence the user’s PIN, potentially enabling unauthorized VPN configuration and interception of subsequent VPN traff...

8.1CVSS5.9AI score0.00322EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 9:21 a.m.6 views

CVE-2021-47960

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...

6.5CVSS5.8AI score0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.11 views

PT-2026-31905

Name of the Vulnerable Software and Affected Versions Synology SSL VPN Client versions prior to 1.4.5-0684 Description A flaw exists in Synology SSL VPN Client that allows remote attackers to access files within the installation directory. This is achieved by leveraging a local HTTP server bound ...

6.5CVSS5.8AI score0.00188EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.8 views

PT-2026-31906

Name of the Vulnerable Software and Affected Versions Synology SSL VPN Client versions prior to 1.4.5-0684 Description A security issue exists in Synology SSL VPN Client that allows remote attackers to access or influence a user's PIN code due to insecure storage. This could lead to unauthorized...

9.4CVSS5.9AI score0.00322EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.11 views

Synology SSL VPN Client 安全漏洞

The Synology SSL VPN Client is a VPN client software developed by Synology, a Chinese company, used for secure connection to Synology NAS devices. Versions of the Synology SSL VPN Client prior to 1.4.5-0684 contained security vulnerabilities. These vulnerabilities stemmed from improper storage of...

8.1CVSS5.8AI score0.00322EPSS
Exploits0References1
OSV
OSV
added 2023/11/07 4:24 a.m.3 views

CVE-2023-5748

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors...

5.5CVSS5.8AI score0.00194EPSS
Exploits0References1
CNVD
CNVD
added 2019/04/03 12:0 a.m.5 views

Synology SSL VPN Client Privilege Permission and Access Control Issues Vulnerability

Synology SSL VPN Client is a VPN client software for secure connection to Synology NAS from Synology, Taiwan, China. A vulnerability exists in Synology SSL VPN Client with privilege permission and access control issues. An attacker can exploit this vulnerability to conduct a man-in-the-middle...

8.8CVSS6.8AI score0.01384EPSS
Exploits0References1
OSV
OSV
added 2019/04/01 3:29 p.m.2 views

CVE-2018-13283

Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the 1 command, 2 hostname, or 3 port parameter...

7.4CVSS5.8AI score0.01384EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/10 12:0 a.m.5 views

Synology SSL VPN Client Man-in-the-Middle Attack Vulnerability

Synology SSL VPN Client is a VPN client software for connecting to internal encrypted networks from Synology. A security vulnerability exists in the HTTP daemon in Synology SSL VPN Client versions prior to 1.2.4-0224, which stems from the program's failure to enforce proper restrictions on the...

8.1CVSS7.8AI score0.00753EPSS
Exploits0References1
Rows per page
Query Builder