CVE-2023-52951 | THREATINT

Description

A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential.

PUBLISHED Reserved 2024-09-24 | Published 2026-06-03 | Updated 2026-06-03 | Assigner synology

MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Cleartext Transmission of Sensitive Information

Product status

Default status

affected

* (semver) before 2.2.4-703

affected

Credits

Zhao Runzi (赵润梓) finder

References

www.synology.com/en-global/releaseNote/NoteStationClient (Release note) vendor-advisory

cve.org (CVE-2023-52951)

nvd.nist.gov (CVE-2023-52951)

Download JSON