CVE-2017-16766

Summary

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.

Affected Software

VendorProductVersion RangeStatus
SynologyDiskStation Manager (DSM)before 6.1.4-15217affected
SynologyDiskStation Manager (DSM)before 6.0.3-8754-6affected

Weaknesses

  • CWE-284: Improper Access Control (CWE-284)

ADP Enrichment

CVE Program Container

Additional References

References