PT-2015-7399 · Synology · Video Station

Cengiz Han Sahin · Published 2015-09-11 · Updated 2018-10-09 · CVE-2015-6912

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Synology Video Station versions prior to 1.5-0763

Description

The issue allows remote attackers to execute arbitrary shell commands. This is achieved by injecting shell metacharacters into the subtitle codepage parameter of the "subtitle.cgi" endpoint.

Recommendations

For versions prior to 1.5-0763, update to version 1.5-0763 or later to resolve the issue. As a temporary workaround, consider restricting access to the subtitle.cgi endpoint to minimize the risk of exploitation. Avoid using the subtitle codepage parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

Command Injection


Weakness Enumeration

Related identifiers

CVE-2015-6912

Affected products

Video Station