Important Information about "libupnp: write files via POST" (CVE-2016-6255)
On July 18th, a vulnerability regarding libupnp was discovered. This vulnerability results in unauthorized file transfer from/to the system when UPnP-related services are running. Affected products and features include:
- All DSM versions prior to DSM 6.0.1-2
- Control Panel > External Access > Router Configuration
- USB Wi-Fi dongles installed for hotspots
- Any other UPnP-related packages
- Audio Station
- Video Station
- Media Server
- Download Station
Please configure firewall settings and allow UPnP access for trusted network only.
Synology has released DSM 6.0.1-2 to address the issue.