CVE-2016-10329

Name of the Vulnerable Software and Affected Versions Synology Photo Station versions prior to 6.5.3-3226

Description A command injection issue exists, allowing remote attackers to execute arbitrary code by including shell metacharacters in a crafted X-Forwarded-For header.

Recommendations For versions prior to 6.5.3-3226, update to version 6.5.3-3226 or later to resolve the issue. As a temporary workaround, consider restricting access to the login.php file to minimize the risk of exploitation. Avoid using the X-Forwarded-For header in the affected API endpoint until the issue is resolved.