CVE-2024-47269
Cleartext Transmission of Sensitive Data in Synology Surveillance Station
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Synology Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| synology | surveillance_station | to 9.2.2-9575 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the cleartext transmission of sensitive information in the Export Key functionality of Synology Surveillance Station versions before 9.2.2-11575 and 9.2.2-9575.
It allows remote authenticated users who have administrator privileges to obtain sensitive information through unspecified methods.
How can this vulnerability impact me? :
The vulnerability can lead to the exposure of sensitive information to remote attackers who have administrator access.
Since the information is transmitted in cleartext, it can be intercepted, potentially compromising confidentiality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves cleartext transmission of sensitive information in Synology Surveillance Station, which could lead to unauthorized disclosure of sensitive data by remote authenticated administrators.
Such exposure of sensitive information may impact compliance with data protection regulations like GDPR and HIPAA, which require protection of sensitive data in transit to prevent unauthorized access or disclosure.
However, specific impacts on compliance or mitigation measures are not detailed in the provided information.