CVE-2023-52951
Analyzed Analyzed - Analysis Complete
Cleartext Credential Transmission in Synology Note Station Client

Publication date: 2026-06-03

Last updated on: 2026-06-05

Assigner: Synology Inc.

Description
A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-05
Generated
2026-06-24
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-22
NVD
CVE-2023-52951
EUVD
EUVD-2023-60579
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
synology note_station_client to 2.2.4-703 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the cleartext transmission of sensitive information in Synology Note Station Client versions before 2.2.4-703. Because the data, including user credentials, is sent without encryption, a man-in-the-middle attacker can intercept and obtain these credentials.

Impact Analysis

The vulnerability can allow an attacker positioned between the user and the server to capture user credentials. This can lead to unauthorized access to the user's account and potentially sensitive data stored within the Synology Note Station Client.

Compliance Impact

The vulnerability involves cleartext transmission of sensitive information, specifically user credentials, which can be intercepted by man-in-the-middle attackers.

Such exposure of sensitive data could potentially lead to non-compliance with data protection regulations like GDPR and HIPAA, which require protection of personal and sensitive information during transmission.

However, the provided information does not explicitly state the impact on compliance with these standards.

Mitigation Strategies

To mitigate this vulnerability, you should update Synology Note Station Client to version 2.2.4-703 or later, where the cleartext transmission of sensitive information has been addressed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-52951. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart