CVE-2023-52948
Description
Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing encryption of sensitive data in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credentials.
Vulnerability
The settings functionality in Synology Active Backup for Business Agent before version 2.7.0-3221 does not encrypt sensitive data, allowing local users to obtain user credentials via unspecified vectors [1].
Exploitation
The attacker must have local access to the system where the affected agent is installed. No authentication is required to trigger the vulnerability, but user interaction is needed. The local user can exploit the missing encryption in the settings feature to retrieve stored credentials, without requiring elevated privileges or advanced network access [1].
Impact
Successful exploitation leads to the disclosure of user credentials, compromising confidentiality. The attacker gains access to sensitive authentication data, which could be used to further compromise the affected system or related services. The CVSSv3 base score is 5.0 (medium), with the attack vector being local and the scope unchanged [1].
Mitigation
Synology has released a fixed version 2.7.0-3221 of Active Backup for Business Agent. Users should upgrade to this version or later to remediate the vulnerability. No workaround is available. The advisory does not list this CVE in the known exploited vulnerabilities (KEV) catalog [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <2.7.0-3221
- (no CPE) range: *
Patches
No patches discovered yet.
References
- [1] www.synology.com/en-global/security/advisory/Synology_SA_24_11 (mitre, vendor-advisory)