Medium severity6.5NVD Advisory· Published Dec 22, 2017· Updated Jun 17, 2026
CVE-2017-16766
CVE-2017-16766
Description
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*range: >=6.0.0,<6.0.3-8754-6
- cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*range: >=6.1.0,<6.1.4-15217
- (no CPE)range: <6.1.4-15217, <6.0.3-8754-6
- (no CPE)range: before 6.1.4-15217
Patches
Vulnerability mechanics
References
1- www.synology.com/en-global/support/security/Synology_SA_17_74nvdVendor Advisory
News mentions
0No linked articles in our index yet.