We use cookies to help us improve our webpage. Please read our Cookie Policy.

Synology-SA-17:74 DSM

Publish Time: 2017-11-24 18:01:27 UTC+8

Last Updated: 2017-12-22 14:16:46 UTC+8

Severity
Moderate
Status
Resolved

Abstract

CVE-2017-16766 allows local users to inject arbitrary web script and HTML via susceptible versions of Synology DiskStation Manager (DSM).

Severity

Affected

  • Products
    • DSM 6.1
    • DSM 6.0
  • Models
    • All Synology models

Description

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.

Mitigation

None

Update Availability

To fix the security issue, please update DSM 6.1 to 6.1.4-15217 or above or DSM 6.0 to 6.0.3-8754-6 or above.