CVE-2017-15889

HIGH

Synology DiskStation Manager < 5.2-5967-5 - Authenticated Command Injection via smart.cgi Disk Field

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-15889. PoCs published by Metasploit, Nigusu Kassahun, h00die, including Metasploit module exploits/linux/http/synology_dsm_smart_exec_auth.

AI-analyzed exploit summary This Metasploit module exploits CVE-2017-15889, a command injection vulnerability in Synology DiskStation Manager's smart.cgi, allowing authenticated RCE as root. It stages a payload via wget due to a 30-character command limit.

Description

Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotehardware

https://www.exploit-db.com/exploits/48514

View Code ZIP pw:eip

This Metasploit module exploits CVE-2017-15889, a command injection vulnerability in Synology DiskStation Manager's smart.cgi, allowing authenticated RCE as root. It stages a payload via wget due to a 30-character command limit.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Synology DiskStation Manager (DSM) < 5.2-5967-5

Auth required

Prerequisites: Valid credentials for Synology DSM · Network access to port 5000

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Nigusu Kassahun, h00die · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/synology_dsm_smart_exec_auth.rb

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in Synology DiskStation Manager (DSM) via the smart.cgi endpoint, allowing authenticated remote command execution as root. It stages a payload by writing a wget input file to bypass character limitations and executes arbitrary commands.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Synology DiskStation Manager (DSM) < 5.2-5967-5

Auth required

Prerequisites: Valid credentials for Synology DSM · Network access to the target

MITRE ATT&CK

T1021 - Remote Services T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://www.synology.com/en-global/support/security/Synology_SA_17_65_DSM

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/157807/Synology-DiskStation-Manager-smart.cgi-Remote-Command-Execution.html

Scores

CVSS v3 8.8

EPSS 0.6238

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (2)

Synology/DiskStation Manager (DSM) before 5.2-5967-5

synology/diskstation_manager < 5.2-5967-5

Published Dec 04, 2017

Tracked Since Feb 18, 2026