NAS maker QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems. The NAS maker has patched six vulnerabilities affecting earlier versions of its FreeBSD, Linux, and 128-bit ZFS based OSs. The list of vulnerabilities includes command injection, cross-site scripting (XSS), and hard-coded password security bugs have been reported by TIM Security Red Team Research, Lodestone Security, and the CFF of Topsec Security.
Source: https://www.bleepingcomputer.com/news/security/qnap-fixes-high-severity-qts-qes-and-quts-hero-vulnerabilities/