CVE-2017-15889

Name of the Vulnerable Software and Affected Versions Synology DiskStation Manager (DSM) versions prior to 5.2-5967-5

Description The issue allows remote authenticated users to execute arbitrary commands via the disk field in the smart.cgi script. This can be exploited by sending a malicious request to the vulnerable API endpoint.

Recommendations For versions prior to 5.2-5967-5, update to version 5.2-5967-5 or later to resolve the issue. As a temporary workaround, consider restricting access to the smart.cgi script to minimize the risk of exploitation.