A vulnerability in some versions of Synology’s Cloud Station client for OS X can enable any user to take over system files and gain complete control of the machine. The vulnerability affects Cloud Station OS X client versions from 1.1-2291 up to 3.2-3475. Synology also has fixed a command-injection vulnerability in its Photo Station application that could lead to an attacker being able to compromise a NAS device. The company has released a new version of the client that fixes the vulnerability.
Source: https://threatpost.com/synology-fixes-file-takeover-flaw-in-cloud-station-os-x-client/112992/