CVE-2021-47960 | Synology SSL VPN Client up to 1.4.5-0683 Loopback Interface file access (SA_26_05)

VDB-356814 · CVE-2021-47960 · SA_26_05 SYNOLOGY SSL VPN CLIENT UP TO 1.4.5-0683 LOOPBACK INTERFACE FILE ACCESS HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.3 $0-$5k 1.71+ Summaryinfo A vulnerability labeled as problematic has been found in Synology SSL VPN Client up to 1.4.5-0683. The impacted element is an unknown function of the component Loopback Interface. The manipulation results in file access. This vulnerability is cataloged as CVE-2021-47960. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded. Detailsinfo A vulnerability classified as problematic has been found in Synology SSL VPN Client up to 1.4.5-0683. Affected is an unknown part of the component Loopback Interface. The manipulation with an unknown input leads to a file access vulnerability. CWE is classifying the issue as CWE-552. The product makes files or directories accessible to unauthorized actors, even though they should not be. This is going to have an impact on confidentiality. CVE summarizes: A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure. The advisory is available at synology.com. This vulnerability is traded as CVE-2021-47960 since 04/10/2026. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1083 by the MITRE ATT&CK project. Upgrading to version 1.4.5-0684 eliminates this vulnerability. Productinfo Type Network Encryption Software Vendor Synology Name SSL VPN Client Version 1.4.5-0683 License commercial Website Vendor: https://www.synology.com/ CPE 2.3info 🔒 CPE 2.2info 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 5.4 VulDB Meta Temp Score: 5.3 VulDB Base Score: 4.3 VulDB Temp Score: 4.1 VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA Base Score: 6.5 CNA Vector (synology): 🔒 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: File access CWE: CWE-552 / CWE-425 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Yes Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: SSL VPN Client 1.4.5-0684 Timelineinfo 04/10/2026 Advisory disclosed 04/10/2026 +0 days CVE reserved 04/10/2026 +0 days VulDB entry created 04/10/2026 +0 days VulDB entry last update Sourcesinfo Vendor: synology.com Advisory: SA_26_05 Status: Confirmed CVE: CVE-2021-47960 (🔒) GCVE (CVE): GCVE-0-2021-47960 GCVE (VulDB): GCVE-100-356814 Entryinfo Created: 04/10/2026 15:49 Changes: 04/10/2026 15:49 (66) Complete: 🔍 Cache ID: 99:64F:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸