CVE-2017-15889

Summary

Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.

Affected Software

VendorProductVersion RangeStatus
SynologyDiskStation Manager (DSM)before 5.2-5967-5affected

Weaknesses

  • CWE-77: Improper Neutralization of Special Elements used in a Command (CWE-77)

ADP Enrichment

CVE Program Container

Additional References

References