CVE-2023-52951
Analyzed Analyzed - Analysis Complete

Cleartext Credential Transmission in Synology Note Station Client

Vulnerability report for CVE-2023-52951, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-03

Last updated on: 2026-06-05

Assigner: Synology Inc.

Description

A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-03
Last Modified
2026-06-05
Generated
2026-07-14
AI Q&A
2026-06-03
EPSS Evaluated
2026-07-12
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
synology note_station_client to 2.2.4-703 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the cleartext transmission of sensitive information in Synology Note Station Client versions before 2.2.4-703. Because the data, including user credentials, is sent without encryption, a man-in-the-middle attacker can intercept and obtain these credentials.

Compliance Impact

The vulnerability involves cleartext transmission of sensitive information, specifically user credentials, which can be intercepted by man-in-the-middle attackers.

Such exposure of sensitive data could potentially lead to non-compliance with data protection regulations like GDPR and HIPAA, which require protection of personal and sensitive information during transmission.

However, the provided information does not explicitly state the impact on compliance with these standards.

Mitigation Strategies

To mitigate this vulnerability, you should update Synology Note Station Client to version 2.2.4-703 or later, where the cleartext transmission of sensitive information has been addressed.

Impact Analysis

The vulnerability can allow an attacker positioned between the user and the server to capture user credentials. This can lead to unauthorized access to the user's account and potentially sensitive data stored within the Synology Note Station Client.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-52951. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart