SSL VPN Client: files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote…
Summary
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.
- 1.4.5-0684
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- 1.4.5-0684
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Upgrade the affected Synology product to a fixed release: 1.4.5-0684.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.