The vulnerability was initially discovered on a D-Link DNS-320 rev A device running firmware version 2.05b8 (also known as: 2.13.0507.2014 The vulnerability can be used to read and write settings accessible through the web interface. Both earlier and later versions may be affected as well. Vulnerable devices should not be accessible from untrusted and potentially hostile networks such as the internet. The greatest risk may come from malware, more specifically ransomware. The vulnerability described in this advisory enables ransomware to have data deleted from a NAS device the next time the victim logs into the administrative web interface.”]
Source: https://b.fl7.de/2016/08/d-link-nas-dns-xss-via-smb.html