Cleartext Transmission Vulnerability in Synology Note Station Client
CVE-2023-52951

5.9MEDIUM

Key Information:

Vendor: Synology
Status: Synology Note Station Client
Vendor: CVE Published:; 3 June 2026

What is CVE-2023-52951?

The Synology Note Station Client before version 2.2.4-703 contains a vulnerability that permits man-in-the-middle attackers to capture sensitive information, including user credentials, during transmission. This flaw arises from the application's failure to properly secure data sent over the network, allowing unauthorized access and potential exploitation of user data. Users are encouraged to upgrade to the latest version to mitigate such risks.

Affected Version(s)

Synology Note Station Client *

References

https://www.synology.com/en-global/releaseNote/NoteStatio...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2026
Vulnerability Reserved
Sep 24, 2024

Credit

Zhao Runzi (赵润梓)

CVE-2023-52951 Data

JSON