2457267 – (CVE-2021-47960) CVE-2021-47960 synology: Synology SSL VPN Client: Information Disclosure via local HTTP server and crafted web page interaction

Bug 2457267 (CVE-2021-47960) - CVE-2021-47960 synology: Synology SSL VPN Client: Information Disclosure via local HTTP server and crafted web page interaction

Summary: CVE-2021-47960 synology: Synology SSL VPN Client: Information Disclosure via ...

Keywords:
Status:	NEW
Alias:	CVE-2021-47960
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-10 10:01 UTC by OSIDB Bzimport
Modified:	2026-04-10 10:18 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-10 10:01:34 UTC

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.

Note You need to log in before you can comment on or make changes to this bug.