The remote code execution is a combination of 4 different vulnerabilities:
CVE-2017-11151 allows remote attackers to upload arbitrary files to the specified directories.
CVE-2017-11152 allows remote attackers to log in with a fake authentication mechanism.
CVE-2017-11153 allows remote attackers to log in to Photo Station with any identities.
CVE-2017-11154 allows remote authenticated attackers with administrator privileges in Photo Station to execute arbitrary codes on the vulnerable NAS.
CVE-2017-11155 allows remote attackers to identify whether Photo Station is vulnerable or not.
The chain of vulnerabilities will allow you, in the end, to execute code as:
Proof of Concept:
- 08-08-2017: New version released, issue resolved