CVE-2017-16766

Severity: medium
Published 2017-12-22 · Modified 2026-05-13
CVSS v3: 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2: 6.4
VIR risk: 6.5

Description

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.

Predictions

Exploit likelihood: 75%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security@synology.com — https://www.synology.com/en-global/support/security/Synology_SA_17_74

Application impact

Vendor     Product               Versions                                          Fixed
synology   diskstation_manager   6.0.0 (inclusive) to 6.0.3-8754-6 (exclusive)     6.0.3-8754-6

References

CWEs

CWE-284, CWE-74
