The most serious vulnerability is located in the Synology Photo Station, a feature of DiskStation Manager. Photo Station allows users to create online photo albums and blogs that can be accessed remotely using the NAS device’s public IP (Internet Protocol) address. Researchers from Dutch firm Securify found that Photo Station did not properly sanitize user input, allowing potential attackers to inject system commands that would be executed with the privileges of the Web server. The vulnerability was fixed last week in version 6.3-2945 of Photo Station.”]