CVE-2021-47960

CVSS 6.5 · Medium EPSS 0.03% · P10 Updated Apr 10, 2026

Possible ATT&CK Techniques 2AI

T1059 · Command and Scripting Interpreter T1005 · Data from Local System

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-47960

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

对外部实体的文件或目录可访问

Source: NVD (National Vulnerability Database)

Vulnerability Title

Synology SSL VPN Client 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Synology SSL VPN Client是中国群晖（Synology）公司的一款用于安全连接Synology NAS的VPN客户端软件。 Synology SSL VPN Client 1.4.5-0684之前版本存在安全漏洞，该漏洞源于外部可访问文件或目录，可能导致远程攻击者通过本地HTTP服务器访问安装目录中的敏感文件，造成信息泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Synology	Synology SSL VPN Client	* ~ 1.4.5-0684	-

II. Public POCs for CVE-2021-47960

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-47960

请登录查看更多情报信息。

Vendor Advisories for CVE-2021-47960 (1)

Synology_SA_26_05 | Synology Inc.vendor-advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-47960

IV. Related Vulnerabilities

Same product: Synology SSL VPN Client

Same vendor: Synology

Same weakness: CWE-552

V. Comments for CVE-2021-47960

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-47960

Possible ATT&CK Techniques 2AI

I. Basic Information for CVE-2021-47960

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-47960

III. Intelligence Information for CVE-2021-47960

Vendor Advisories for CVE-2021-47960 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2021-47960

Leave a comment